The democratization of IT has increasingly empowered business users–from marketing to finance–to manage their best-of-breed SaaS applications without IT security review or governance. This has, in turn, greatly reduced deployment time and enhanced business agility, productivity, and collaboration. As the use of these SaaS applications has exponentially grown over the last eight years, I have been committed to helping secure human user-to-application interactions by building and driving marketing organizations at leading Cloud Access Security Broker (CASB), Cloud Infrastructure Entitlements Management (CIEM) and Privileged Access Management (PAM) vendors.
During that time, however, I have come to recognize that securing human users is not enough. The non-human-to-SaaS connections that make up the SaaS-to-SaaS supply chain are the most overlooked weak points in an organization’s SaaS security strategy.
Core business applications are increasingly interconnected to maximize their benefits by automating business processes and data exchange. Business users now integrate critical applications like Microsoft 365, Google Workspace, and Salesforce with a rising number of third-party SaaS applications. These integrations use direct APIs, OAuth apps in SaaS marketplaces, and no/low code citizen development platforms such as Zapier, Workato, and Mulesoft.
Unfortunately, business users often indiscriminately connect their SaaS applications, increasing the risk of unvetted supply chain access to business-critical applications. As the number of these SaaS-to-SaaS third-party integrations grow, security and compliance teams increasingly struggle to ensure proper coverage of their third-party risk management (TPRM) programs – an impossible task as they lack visibility into which vendors have access to their applications and the scope/exposure of such access.
The lack of continuous governance over SaaS-to-SaaS supply chains results, in turn, in overexposing sanctioned business-critical SaaS applications to inherently risky or over-privileged third-party integrations. Vetted applications with assured security can be made unsafe through such integrations, given that they are typically created by end users who are encouraged to consent to OAuth apps by SaaS vendors. Many are unaware of the security implications of their actions or how to revoke the access they granted.
The scale of adoption of new SaaS applications and their potentially risky integrations with sanctioned business applications, then, leaves under-resourced security teams outnumbered and outpaced when trying to apply security controls to their SaaS-to-SaaS supply chain.
Valence is the first SaaS security company to focus on the non-human element driving interconnectivity between business applications. The Valence Platform empowers security teams by automating the process of applying zero trust controls to their SaaS-to-SaaS supply chains.
With the growing threat of supply chain attacks and other third-party integration risks, and the lack of existing solutions, the SaaS security market is ripe for innovation.
No solution prior to Valence has provided the comprehensive visibility required to effectively manage the risks of growing indiscriminate and shadow connectivity between applications. CASBs, IAM, ZTNA, managed devices and other solutions perform the critical security function of securing human-to-SaaS interactions and still leave non-human-to-SaaS-app integrations exposed. Valence secures non-human-to-SaaS-app integrations while also minimizing the deployment and management overhead for security team resources.
Given my passion and nose for cutting-edge security technologies, as well as my extensive experience working with SaaS security solutions, I fervently believe in Valence’s potential to transform the industry by mitigating SaaS supply chain risks. This is why it is my absolute pleasure to announce that I have joined SaaS Security pioneer Valence Security as its first VP of Marketing.
I’m honored to spearhead Valence’s marketing mission to establish the company as the undisputed market and thought leader in the discovery and mitigation of third-party integration risks for critical SaaS applications. Already a fast-moving company, enterprises are quickly taking notice. Working together with its highly talented founders, CEO Yoni Shohet and CTO Shlomi Matichin, as well as the rest of the gifted team, I fully intend to accelerate this momentum and enable Valence to achieve its full potential. I look forward to sharing our quest to transform the SaaS security industry and keep core business applications and business-critical data safe from the risks of unvetted SaaS-to-SaaS supply chains.