Eliminating SaaS Shadow IT is Now Available via a Self-Service Product, Free of Charge



Jan 28, 2023
The Hacker News

The use of software as a service (SaaS) is experiencing rapid growth and shows no signs of slowing down. Its decentralized and easy-to-use nature is beneficial for increasing employee productivity, but it also poses many security and IT challenges. Keeping track of all the SaaS applications that have been granted access to an organization’s data is a difficult task. Understanding the risks that SaaS applications pose is just as important, but it can be challenging to secure what cannot be seen.

Many organizations have implemented access management solutions, but these are limited in visibility to only pre-approved applications. The average medium-sized organization has hundreds, and sometimes thousands, of SaaS applications that have been adopted by employees who needed a quick and easy solution or found a free version, completely bypassing IT and security. This leads to a significant risk, as many of these applications do not meet the necessary security and/or compliance standards, and yet they have permissions into the organization.

Wing Security recently announced that it is making its SaaS application discovery engine available as a free, self-service product. The tool is designed to help companies identify risky SaaS applications that have been adopted by employees without following company policy.


Democratizing SaaS Discovery

The risks associated with SaaS Shadow IT have become more prevalent in recent years due to the widespread use of SaaS within organizations. However, many of the security solutions that were available in the past focused on making security teams aware of the problem, rather than providing in-product or automated remediation capabilities. Indeed, the first step in addressing SaaS-related risks is to have a clear understanding of the SaaS stack in use within the organization. This information should be easily accessible and just as simple to navigate as the SaaS applications themselves.

To help security teams gain proper visibility and understanding of the risks associated with the growing use of SaaS, Wing Security (Wing) has decided to offer its SaaS Discovery tool as a free, self-service product, as can be seen here. The company aims to provide security teams with a comprehensive view and better understanding of the SaaS applications used within their organization, regardless of their size or the size of their budget.


What is included in the Wing Security Free edition?

  • Quick and easy self onboarding.
  • Friendly dashboard view of the SaaS applications being used within the organization, 3rd party applications included.
  • Risky applications are flagged within the system.
  • Details of which compliances each SaaS application meets, how they’re connected to the organization, the permissions they’ve been granted, and which users are using them (for the first 100 applications).
  • Wing Security’s reputation score for each SaaS application, expressed as “shields”, with 0 to 3 shields.
  • Classification and tagging options.

Wing Security Free edition.


Non-Intrusive Discovery: No agent, no proxy

Understanding that modern security solutions should not be intrusive in any way is at the core of Wing Security’s new offering. To map out an organization’s use of SaaS applications, Wing connects to major, IT-approved SaaS applications using APIs. These are applications that are commonly used in almost every environment, such as Google, Office 365, Salesforce, GitHub, and Slack, to name a few.

Wing is then able to map out all the SaaS applications that are connected to these applications and the ones connected to them. SaaS applications are interconnected in a giant mesh, creating a “shadow network” of connections. This shadow network is used by Wing to map out applications, but it can also be a security concern as it can be used for lateral movement within the organization. In its full enterprise offering, Wing also maps out all the users who use these applications, the data that resides in and between these applications, and provides near-real-time security alerts when an application in use is compromised.


SaaS Shadow IT
Wing Security ‘Connects’ to SaaS applications through APIs



What’s required from the users?

Keeping in tune with Wing Security’s non-intrusive Discovery, the Wing Security Free edition requires very basic permissions which can be granted by the organization’s super admin.

Most of the required permissions are read-only. There is one permission within Google that requires ‘manage’ access, which is requested so that Wing can provide visibility into the tokens that users issued to 3rd party apps. Wing Security mentions on the relevant product page that keeping the customers’ data safe is a priority and provides the compliances they have in place for data security.


What counts as ‘SaaS’?

While the term SaaS traditionally stood for Software as a Service, not all SaaS these days is paid for, as use of the word ‘Service’ might imply. There are 3 types of common SaaS used these days:

  • Widely used enterprise SaaS such as Slack, Dropbox, Google, Microsoft, that mainly consist of paid users.
  • Niche-use, somewhat lesser known SaaS that target specific industries, such as Figma or Canva for design, Outreach for sales, GitHub for engineers, and Wing for SaaS security. These SaaS users can include both paid and non-paid users.
  • Completely free apps used by individuals, probably without anyone else knowing about it. This also includes apps that were signed up for their free trials and forgotten about for whatever reason.

While these are the 3 main types of SaaS applications, they are more like markers on a spectrum. SaaS applications regularly move up and down this spectrum as the companies grow and evolve. But as long as these applications are logged into using the organization’s email, they’ll be discovered by Wing Security Free Discovery.


What is further available with Wing Security’s paid version?

Wing Security’s paid version is called the Wing Security Enterprise edition, which includes everything from the Free edition, as well as:

  • Deeper SaaS discovery, which includes discovery of all browser extensions and any kind of locally installed or in-house developed SaaS applications.
  • Monitoring for any sensitive data being shared on SaaS applications. For example: AWS keys shared on public Slack channels.
  • Manage user-related risks such as excessive permissions, user inconsistencies, or abnormal usage.
  • Real-time threat intelligence alerts and actionable updates in the event any SaaS apps being used within the organization are party to a breach or cyberattack.
  • Remediation tools. Many of the issues discovered by Wing Security can be resolved with just a few clicks within Wing’s easy-to-use interface, without having to deal with solving it manually.
  • Built-in Automation tools. Some SaaS security issues can be wide reaching, with thousands of instances of the same issue repeatedly found. Manually attempting to fix the issue could take years! Wing’s built-in automation tools make it possible to solve such cases in minutes, with just a few clicks. Long-term protection is activated by setting up a policy which Wing Security then helps invoke, as new instances of the same issue are likely to appear again in the future.
  • End-user engagement. A nice added detail within the Wing interface is that the automation can be set up to include keeping the end users in the loop, either by simply informing them of the issue and how it was fixed, or by letting them click ‘Approve’ to let the issue be solved by the automation. In the event users ignore or miss the message, a default is in place to automatically ‘Approve’ the task after a set amount of time.

In summary, Wing Security’s new tool addresses the growing use of SaaS and the security and IT challenges it poses, by tracking the SaaS applications that have been granted access to an organization’s data. The free edition includes a quick and easy self-onboarding process, a friendly dashboard view of the SaaS applications in use, flagging of risky applications, compliance and permissions information, and a reputation score for each application. The tool uses a non-intrusive method, connecting to major IT-approved SaaS applications using APIs, to map out an organization’s use of SaaS applications without causing any disruption.

For more information on Wing Security’s new Free SaaS Discovery solution, click here.
