Valence Reduced Highspot’s SaaS Data Exposure by 55%

Founded in 2012, Highspot helps companies worldwide improve the performance of their sales teams by turning strategic initiatives into business outcomes. Their unified sales enablement platform gives revenue teams a single solution to elevate customer conversations and drive repeatable revenue, bringing together native content and guidance, training and coaching, and engagement intelligence – all supported by actionable analytics.

Highspot removed 55%

of unnecessary external SaaS data shares, automatically, without slowing down the business

of inactive tokens without any manual effort.

Industry
‍Sales enablement platform

Company Profile

Founded in 2012
~1000 Employees - global workforce
Raised $645m
Multiple SaaS applications

Solution
‍Valence SaaS Security Platform

Challenges

Data Share Analysis and Cleanup

Highspot’s employees are empowered to share data as necessary to collaborate with external partners, customers, and other third parties. This flexibility has enabled Highspot to grow at a phenomenal rate, reaching a $3.5 billion valuation in just 10 years. However, growing this quickly can come with negative consequences, and Highspot’s security team suspected they might have some challenges with employees setting overly broad permissions for external data shares.

Two common issues with external data sharing: sensitive company data gets shared outside of the organization, and data that should be shared externally with partners and contractors never gets unshared once it is no longer needed. The biggest challenge, however, is the breadth and scale of data sprawl and external sharing across SaaS platforms. Data sharing is often associated with SaaS file storage products like OneDrive, Box, Dropbox, and Google Drive. However, nearly every modern SaaS application has a method for sharing data externally – GitHub, ServiceNow, Salesforce, and even Zoom (where saved recordings can be publicly shared) could leak sensitive corporate data.

‍

Highspot’s SaaS Environment

Highspot has multiple use cases. As a cloud-born hyper-growth startup, they are reliant on modern productivity and collaboration tools and automation – most of which reside within SaaS platforms. Their primary productivity suite is Google Workspace, with a fairly sizable Microsoft 365 footprint as well. Additional SaaS applications used for CRM, source code management, project management, HR management, and others form a complex SaaS mesh of interconnected SaaS applications.

Understanding the scope of external access to sensitive data hosted in SaaS platforms

Offboarding former employees while safely cleaning up integrations and access to data

Enforcing least privilege access to data and APIs by removing unnecessary third-party access

Why Lionbridge Chose Valence to Remediate their SaaS Security Risks

The problem is, sensitive data is easy to share with external parties, but no one ever thinks to unshare it when no longer needed.

Solution

The Aha! Moment

Highspot leveraged the Valence SaaS Security Platform to assess its SaaS security risks. The agentless platform scanned Highspot’s core SaaS applications and was immediately able to provide visibility into how these SaaS applications are configured. The Valence findings included insights regarding dormant accounts, unauthorized third-party integrations, unmanaged identities, misconfigurations, and of course - externally shared data.

The Highspot security team prioritized data security and removing unnecessary externally shared data as a key focus area. The challenge was how to scale remediating a large risk surface with limited security resources. The team decided to leverage Valence’s automated remediation workflows. The business was originally reluctant to allow automated SaaS remediation, as it was nervous about disrupting employees. The first day after enablement, however, 38% of Highspot’s external data shares were removed. The impact was zero - there wasn’t a single disruption to users or business continuity.

“Valence provides insight into our key SaaS platforms that they should provide themselves but don’t. And pulling together the data, helps us surface and remediate risks with little time and effort that we’d be hard pressed to find with our SaaS applications alone.”

Peter Oehlert, Chief Security Officer

Results

Enabling policies to remove idle and unused data shares was easy and quick. Highspot was interested in seeing the impact of these automated policies over time, however. Would data shares rise back to record levels, or would these policies keep them in check? Employees continue to share data, but after six months, the total number of external data shares has continued to decrease at a rate of 6% per month. Over time, the risk surface decreased by 55%.

Ongoing, Highspot has fully automated remediation, replacing previously manual processes. With data share policy enforcement now on auto-pilot, the security team is free to explore their next SaaS security challenge and find other risks to address.