Riskified Secured their Entire SaaS Ecosystem with Valence

Riskified faced an increasing challenge: securing a rapidly growing SaaS environment across critical applications. Riskified initially turned to Valence in 2021 to secure a handful of their most critical SaaS—Google Workspace, Okta, Salesforce, and GitHub—but quickly realized the need for broader coverage to protect additional SaaS platforms essential to its business operations.

With Valence, Riskified gained the centralized visibility and automation needed to secure its core SaaS applications and has steadily scaled security coverage to 20+ SaaS platforms—including financial and HR systems such as NetSuite and SAP SuccessFactors. By leveraging Valence’s Connector Forge app expansion program and working closely with Valence’s product and customer success teams, Riskified has consistently onboarded additional applications, continuing to strengthen its overall SaaS security posture over the last several years.

Initial SaaS Security Challenges

Prior to implementing Valence’s SaaS Security Platform in 2021, Riskified struggled with limited, fragmented visibility into their SaaS applications. Like many organizations, Riskified has distributed administration of SaaS applications across various business units, and each unit had previously managed its own critical tools without centralized oversight. This decentralization placed a greater burden on the security team, limiting their visibility into application configurations and usage while making it harder to proactively mitigate risks such as misconfigurations, excessive privileges, identity-related risks (both human and non-human), and data exposure.

Identity security was a significant challenge, as local accounts in certain SaaS applications weren’t linked to the company’s identity provider—potentially bypassing single sign-on (SSO) and remaining unmanaged by the security team. Over time, as users left the company or changed roles, their accounts and access credentials could remain active, creating a need for more robust lifecycle management processes. Fragmented offboarding led to excessive access, and the manual deprovisioning process across a vast SaaS environment was both time-consuming to manage and prone to errors.

Additionally, the rapid growth of SaaS-to-SaaS integrations made monitoring increasingly difficult. With business teams directly connecting applications, tracking and managing OAuth permissions across platforms like Google Workspace and GitHub became a challenge. Riskified wanted to future-proof its SaaS security strategy with a unified security approach that could identify and remediate risks across the organization, and continue to scale with the evolving risk landscape and internal decentralization.

Solution

SaaS Security Transformation with Valence

Riskified initially adopted Valence to secure its core SaaS applications such as Google Workspace, Okta, Salesforce, and GitHub—focusing on identity risks, inactive accounts, and third-party integrations.

Valence’s SaaS Security Posture Management (SSPM) capabilities provided deep application visibility, enabling Riskified’s security team to monitor, manage, and remediate potential risks across their SaaS ecosystem. Valence’s automated remediation capabilities were a game-changer, particularly in managing inactive or unneeded SaaS-to-SaaS integrations. Valence’s proactive approach to identifying and flagging risky or redundant connections allowed Riskified’s security team to engage business owners, ensuring appropriate remediation.

Valence provided Riskified with the tools to navigate its decentralized management model, enabling SaaS owners across departments to collaborate effectively with the security team. The platform’s deep integration capabilities across critical SaaS applications like GitHub, Google Workspace, and Okta enabled Riskified to achieve real-time monitoring, automate risk remediation, and enforce security policies across the board.

One of the most significant improvements came from Valence automating the revocation of thousands of OAuth tokens tied to inactive or unnecessary SaaS-to-SaaS integrations across GitHub, Salesforce, Google Workspace, and other applications. This process not only bolstered Riskified’s security posture, it also reduced the manual burden on the security team, freeing them up to focus on higher-priority initiatives.

With Valence, Riskified leveraged the platform’s extensive risk remediation capabilities to collaborate with their business users and automate workflows that delivered the following results:

88% reduction in externally shared Google Drive files
82% reduction in dormant GitHub SaaS-to-SaaS integrations
Automated revocation of thousands of tokens related to inactive or unnecessary SaaS-to-SaaS integrations across multiple platforms

Expanding SaaS Security Coverage with Valence

After securing its foundational SaaS applications, Riskified saw an opportunity to extend Valence’s coverage to additional platforms—with a particular focus on securing NetSuite and SAP SuccessFactors. Valence worked closely with Riskified to expand security coverage to additional business-critical SaaS platforms, furthering the ongoing maturity of their SaaS security posture:

NetSuite security: Riskified leveraged Valence to secure NetSuite—its financial management platform—allowing them to address misconfigurations and monitor sensitive data access. With Valence, Riskified discovered a substantial number of NetSuite files shared anonymously with “open links” and subsequently reduced that exposure by 99%, significantly reducing the risk of unauthorized access to sensitive financial data.
SAP SuccessFactors security: When Riskified transitioned its HR operations to SAP SuccessFactors, Valence ensured security gaps were identified and mitigated alongside findings from other SaaS applications. With the deep context of this integration, Valence surfaced offboarding workflow issues, enabling Riskified to remove access for former employees and contractors.
Rapid integration via Valence Connector Forge: Valence’s fast and efficient integration process (typically 1–5 business days) enabled Riskified to onboard new applications quickly, ultimately achieving complete security coverage across 20+ SaaS platforms.

“Valence secures our entire SaaS ecosystem—and with Connector Forge, we’re constantly expanding that coverage. We gained full visibility into apps like NetSuite that were previously unprotected and difficult to monitor. Valence doesn’t just check the obvious boxes—it continues to provide us with the depth and breadth required to secure our complete SaaS environment.”

Yossi Yeshua, CISO at Riskified

The Result

Unified and Scalable SaaS Security

By partnering with Valence, Riskified now benefits from comprehensive SaaS security coverage across 20+ applications with centralized visibility. The security team is able to scale remediation efforts with automated workflows and tight collaboration with business users—streamlining responses to OAuth and data exposure risks. These efforts have been in motion since 2021 and reflect Riskified’s long-standing commitment to proactive, high-standard SaaS security. With Valence’s ongoing support, Riskified continues to manage SaaS security proactively and at scale, ensuring that every critical application remains protected.