Valence Security Announces $25M A Round Led by Microsoft M12

The SaaS Mesh is a SaaS Mess

An evolving network of SaaS applications, integrations, data sharing privileges, and user identities are enabling and accelerating business, but are also creating a new risk surface

Valence- Collaboratively Remediate Your SaaS Security Risks-The SaaS Mesh is a SaaS Mess

The Expanding SaaS Mesh

SaaS applications have become deeply embedded in every business function within forward thinking organizations, from sales and marketing to R&D. Designed to facilitate business productivity and efficiency, they empower business-users to adopt and interconnect them directly and at scale.

As a result of indiscriminate adoption, however, SaaS applications, integrations, users and data have evolved into a sprawling SaaS mesh ungoverned and unmanaged by security teams.

Instead of centralized control and management by IT security teams, adoption, administration, and management is distributed across departments, functions and business units.

The unmanaged growth of SaaS applications and their connections has led to increased organization-wide exposure to attacks that exploit vulnerabilities in third-party integrations, account compromise and data loss

Ungoverned SaaS Integrations

SaaS platforms encourage business users to connect their best of breed SaaS applications using third-party SaaS-to-SaaS integrations. Whether if it’s an end user connecting an OAuth app, an administrator creating an API key or a citizen developer automating a business workflows with no/low-code platforms like Microsoft Power Platform, Workato, Zapier, etc., these integrations can increase the risk of attack since they are often insecure, inactive and over privileged.

Collaboratively Remediate Your SaaS Security Risks- Valence- Ungoverned SaaS Supply Chains

Rogue External Data Sharing

Business users rely on SaaS applications to share data with both internal and external collaborators. Users can easily share sensitive data such as documents, presentations, emails, and even source code, with specific users or to open them to allow public access. Typically, users are unaware of the security implications of their data sharing settings and more often than not they set overly broad sharing privileges that can expose sensitive data to unauthorized users outside of the organization.

Collaboratively Remediate Your SaaS Security Risks- Valence- Rogue External Data Sharing

Unmanaged SaaS User Identities

Adoption of identity providers (IdP) such as Okta became an industry standard to manage organizational users. But such solutions have a limited purview, since they cover only part of the human user access, lack visibility into authorization within the platforms and business users can still configure SaaS applications to bypass or override configurations in the IdP. When the adoption of SaaS applications scales, it becomes a challenge to detect and track identities that are not managed by IdP, overprivileged users and weak authentication that doesn’t leverage. These identities open up the organization to account compromise and data loss breaches.

Collaboratively Remediate Your SaaS Security Risks- Valence- Unmanaged SaaS User Identities

Misconfigurations and continuous compliance

The number of SaaS applications, their in-depth complexity and application-specific know-how, have created an emerging challenge for security teams to ensure proper SaaS security policy configuration. Whether it's for internal company policies or to maintain compliance with industry standards and frameworks such as SOC2, ISO 27001 and NIST. Each SaaS has its own set of security controls and terminology, which makes detection and monitoring of settings and drifts a burdensome challenge.

Collaboratively Remediate Your SaaS Security Risks- Valence- Maintaining Continuous SaaS Compliance

Major SaaS Security Breaches

Over the past two years, the SaaS mesh has exploded, with 1.5K applications and 900 integrations adopted by organizations on average – many of which are onboarded without security review. This has led to an increased frequency and magnitude of SaaS breaches and SaaS supply chain attacks. The following are some of the most destructive recent breaches.

Hackers used Slack to break into EA Games
June 21, 2021
Collaboratively Remediate Your SaaS Security Risks- Valence-  Slack
Misconfiguration exposed 38M records
August 24, 2021
Collaboratively Remediate Your SaaS Security Risks- Valence- M icrosoft
SolarWinds Hack exposes Mimecast customer emails
January 26, 2021
Collaboratively Remediate Your SaaS Security Risks- Valence- M icrosoft
Malicious OAuth apps taking over CEO accounts
January 28, 2022
Collaboratively Remediate Your SaaS Security Risks- Valence- M icrosoft
100s of companies impacted by breach
March 23, 2022
Collaboratively Remediate Your SaaS Security Risks- Valence- Okta
Dozens of accounts 
breached
March 24, 2022
Collaboratively Remediate Your SaaS Security Risks- Valence- Hubspot
100s of accounts breached
April 4, 2022
Collaboratively Remediate Your SaaS Security Risks- Valence- Mailchimp
OAuth tokens abused to access customer tenants
April 22, 2022
Collaboratively Remediate Your SaaS Security Risks- Valence- Github
Gmail attack bypasses 2FA to read all email
August 4, 2022
Collaboratively Remediate Your SaaS Security Risks- Valence- Google

Current Security Solutions Are Insufficient

Collaboratively Remediate Your SaaS Security Risks- Valence-

Cloud Access Security Broker (CASB)

CASBs were designed to discover SaaS applications in a corporate network based on a proxy architecture and to monitor user activities within these applications. However, over the years SaaS applications have become more complex and the modern SaaS mesh includes more SaaS applications and multiple layers of configurations, data, identities and third-party integrations which CASB solutions are blind to and do not monitor.

Collaboratively Remediate Your SaaS Security Risks- Valence-

SaaS Security Posture Management (SSPM)

Current SSPM solutions are focused mostly on proper configuration of SaaS applications and detection of policy drifts. These solutions are helpful to detect administrative changes and compliance issues, but fail to address the scale of the remediation effort required to properly address the pace of changes made by distributed organizations and business users. Without the business context and business user engagement, they cannot provide required mitigation capabilities.

The 2022 Shadow SaaS-to-SaaS Integration Report

Get critical SaaS security insights from top CISOs surveyed for the report and usage data derived from the Valence Security Collaborative SaaS Security Remediation platform.
Thank you for your interest in Valence Security! Please check your inbox to view your report
Oops! Something went wrong while submitting the form.