Transcript:
Hi, I'm Nemi George, VP / CISO for PDS Health, responsible not just for security but also infrastructure, operations, architecture, engineering, and governance.
Question 1: Why did you select Valence Security?
You think about most organizations and you probably have about an 80 percent ratio of SaaS applications to on-prem or whatever traditional application stack you have.
And we had a significant blind spot, in not just knowing what third-party SaaS applications were being used, but understanding the risk that these applications posed to our overall security posture.
Question 2: How are you prioritizing SaaS security today?
SaaS security is right up there with identity security. I think between identity security, SaaS security, as well as overall data security, if you focus on those things, ultimately the applications, the users, and the data.
That is, for me, the holy trinity. But the industry is certainly moving a lot more rapidly towards security posture aimed at users.
So identity applications, which is where the bulk of your data now sits. And also traditionally just understanding where your data moves.
Question 3: Why did you prioritize SSPM in your search?
I think the SSPM space was much needed. All the spaces needed to be addressed, right? We always had identity, and with our identity platforms we were able to see who’s got access to what application.
But kind of the way I explain it from a non-technical standpoint is my identity solution largely allows me to say who gets into the house, who gets through the front door.
Once they’ve got through the front door, what do they have access to do within that house, within that building? So we needed a solution to help us do that.
And so that was a very clear driver for us from the onset, just understanding not just who gains access to an application, but how access within the application is managed, what privileges exist within the application, and overall the risk an application poses to us if not configured properly.
Question 4: Where has Valence saved your team the most time?
Some of the reports that we can get right off the bat using an SSPM tool like Valence would have taken us, in the past, combing through logs, exporting log information into some type of report, and then threading a person through the report to try to get to what you’re looking for.
But also very importantly, you would need to know precisely what you’re looking for and go hunting for that information.
Now, using a tool like Valence, that information is surfaced to the team directly and then they can act on it.
If I had to throw a number out, I would probably say for a typical investigation all the way through to remediation, the end-to-end process, having an SSPM tool probably saves us anywhere from 80 percent and upwards in time spent trying to piece all of this information together either using a SIEM, which is more traditional, or going from one application to the other trying to investigate or look through the information, which is almost mission impossible.
You never do it unless you’re looking for something in particular. This allows us to do it at scale across the rest of our application stack.
