: Identify Risky Unsanctioned SaaS Applications and Users
Focus
Focus

Identify Risky Unsanctioned SaaS Applications and Users

Table of Contents

Identify Risky Unsanctioned SaaS Applications and Users

Learn how to identify and remediate risky apps on SaaS Security Inline.
SaaS Security Inline provides tools to help you identify risky SaaS applications and users, including analytics, risk scores, and reports. After you identify your organization’s risks, you have the following solutions to increase your security posture:
  • Author and submit SaaS security policy rule recommendations to address the risks. However, before you do so, consider some guidelines.
  • Identify a competing product that’s more secure. Search the Application Dictionary by Category to find a suitable replacement.
  • Notify users of the unsanctioned app to use the alternative, sanctioned app. Don’t forget to tag the sanctioned SaaS application.
  • Change the risk score.
  • Identify opportunities to develop training for employees and internal policies.

Identify Risky SaaS Users

Although Discovered Users, displays your list of users that are using discovered SaaS apps, not all of those uses are risky. You’ll need to observe the users in the context of the risky SaaS apps and overall application usage (MB). For example, if you find 100 users using WeTransfer but only a few people are uploading large amounts of data, those users are likely risky users and require more scrutiny.
  1. Navigate to SaaS Security Inline.
  2. To navigate to the Discovered Applications view, select Applications.
  3. Filter on SaaS apps with a risk score of 4 or 5.
  4. Do one of the following:
    • Click on the individual SaaS apps.
    • Click on the number of users for the SaaS apps.
  5. Sort the column by Usage.

Identify Risky SaaS Applications

A risk score in SaaS Security Inline enables you to make decisions about security posture of a given app. The risk score is between 1 (low risk) and 5 (high risk) and is based on compliance attributes. Key attributes have a higher impact on the score: the score is assigned by applying different weights to each compliance attribute and calculating the score based on whether the application meets those compliance standards.
  1. Navigate to SaaS Security Inline.
  2. To navigate to the Discovered Applications view, select Applications.
  3. Sort the table by Risk in descending order.
  4. Observe the Risk score for each SaaS application in the High risk category.
    Risk Score
    Description
    4-5
    High Risk — Very likely to be a risk.
    3
    Medium Risk — Moderate risk.
    1-2
    Low Risk — Unlikely to be a risk.
  5. Open the Application Detail for the SaaS application to assess the risk characteristics (compliance attributes) that contribute to this risk score.