How ServiceTitan Streamlines their SaaS Security with Valence

ServiceTitan is the software platform that powers trades businesses. The company’s cloud-based, end-to-end solution gives contractors the tools they need to run and grow their business, manage their back office, and provide a stellar customer experience. By bringing an integrated SaaS platform to an industry historically underserved by technology, ServiceTitan is equipping tradespeople with the technology they need to keep the world running.

SaaS Security Challenges

ServiceTitan needed a security solution that kept pace with its rapid growth and decentralized adoption of SaaS. The security team needed deeper visibility into how core applications were configured, how data flowed within and across these tools, how data was shared with external collaborators, and which third-party SaaS applications had access. This lack of visibility hindered the team's ability to implement and enforce consistent security best practices.

To address these challenges, the company invested significant manual effort in vetting new tools, understanding employee needs, and ensuring security compliance. This approach was time-consuming and inefficient. The need for a more proactive, continuous solution became evident as ServiceTitan sought to gain better visibility into its SaaS environment and manage risk related to data security, non-human identities, and third-party access.

Moreover, the distributed ownership of SaaS applications across various business units also posed security risks. With over a dozen core SaaS applications managed by different teams, ServiceTitan needed a better way to coordinate security efforts and ensure consistent practices.

ServiceTitan’s SaaS Environment

ServiceTitan relies on a robust SaaS ecosystem to support its operations. Key applications include Microsoft 365 (including OneDrive and SharePoint), Google Workspace, Zoom, Okta, Atlassian, GitHub, Salesforce, SentinelOne, Workday, Snowflake, and Slack. These tools are essential for various functions such as communication, collaboration, identity management, security, human resources, and data management.

Solution

Gaining Control with Valence

ServiceTitan recognized the need for a comprehensive SaaS security solution. Valence emerged as the ideal partner, offering unparalleled visibility, control and automated remediation of SaaS risks. Valence's ability to manage non-human identities and third-party access was a key differentiator. Beyond access control, Valence addressed the broader spectrum of SaaS security risks – lifecycle management, data sharing, configuration management.

Valence's automation capabilities were a game-changer for ServiceTitan. The platform's ability to proactively identify and flag inactive SaaS-to-SaaS integrations enabled the security team to engage with business owners to understand their continued need for these connections. By incorporating policies that allow for employee notification and risk remediation, Valence fostered a collaborative approach to security. This not only helped maintain business continuity but also educated employees about the importance of SaaS security best practices.

Valence also addressed another challenge in SaaS security, specifically that of unmanaged identities. These are local accounts, created directly within SaaS applications, bypassing the company's Single Sign-On (SSO) system or identity provider (IdP). When such local accounts go unnoticed, they can remain active even after an employee leaves the company, creating security risks because they may retain access privileges. Valence helped ServiceTitan identify unmanaged accounts across their connected SaaS applications, and to enable them with easy offboarding if these accounts were deemed unnecessary.

The Result

By implementing Valence, ServiceTitan significantly improved its SaaS security posture. The platform's ability to automate remediation tasks, such as revoking inactive SaaS-to-SaaS integrations, reduced the risk of data breaches, dramatically reduced data sprawl and enhanced overall security. Through easy security policies, ServiceTitan was able to automatically revoke over 50% of inactive SaaS-to-SaaS integrations on day one, with this number increasing to over 80% within six months.

As ServiceTitan worked to scale their business, the amount of files/folders shared outside of the organization was compounded. Leveraging Valence’s visibility they were able to identify where those shares existed, who had access to the data, and could determine if they were in use. By creating an automated policy in Valence they were able to revoke 85% of external shares and drastically decrease the amount of data sprawl.

When it comes to SaaS accounts managed outside of the corporate SSO, Valence empowered ServiceTitan to reduce the number of these unmanaged users by 85% across core SaaS applications connected to the platform.

To date Valence has connected to over 12 SaaS applications and is engaging 5 different platform teams with over 25 platform owners to maintain a strong SaaS posture. This cross team collaboration has been critical to the program’s overall success. These platform teams represented applications such as Salesforce, Workday, Atlassian, Snowflake and GitHub.These results demonstrate the tangible benefits of Valence in improving ServiceTitan's security posture, reducing risk, and streamlining operations. Valence's automation capabilities enabled the security team to focus on more strategic initiatives, while its collaboration features fostered a shared responsibility model for security across the organization.

Automated remediation of over 50% inactive SaaS-to-SaaS integrations day one and continued value seeing over 80% revoked over 6 months

Improved collaboration with SaaS owners

85% reduction in number of users that were unmanaged by IdP across core SaaS applications connected to Valence

85% reduction in the number of externally shared files from Google Drive

Core SaaS applications now sending logs to Valence for a holistic monitoring of activity across platforms

“Valence's automation capabilities have significantly improved our security posture. The ability to automatically revoke unused integrations and identify dormant user accounts allows us to focus on strategic security initiatives.”

Paul Intrarakha, Sr. Principal, Application Security Architect, ServiceTitan

Benefits

Enhanced visibility and comprehensive insights into the entire SaaS environment

Reduced risk exposure through Identification and remediation of security risks through both manual and automated remediation workflows

Streamlined collaboration with over 25 SaaS owners for risk mitigation

Streamlined user offboarding process, ensuring that access privileges are promptly revoked upon employee departure

Future of SaaS Security: Collaborative Risk Management

ServiceTitan prioritizes continuous engagement with SaaS owners to maintain a strong security posture across all applications. Valence plays a crucial role in this strategy by providing data-driven reports that facilitate communication and risk mitigation. As new technologies like Generative AI (GenAI) emerge, Valence will be instrumental in ensuring secure adoption within ServiceTitan's SaaS ecosystem.

Case study