Assessing and Addressing SaaS Security Risks at Deepwatch

06/20/2023

The magic of SaaS is truly how easy it is to procure and use. However, it can be so easy that we forget the flow of data behind it. Every SaaS application your team uses represents a potential gateway into your organization. And that gateway can open to certain security and compliance risks. 

As such, you need to know where these applications exist and what data they’re sharing. That requires visibility. A SaaS management program can provide exactly that: visibility into your entire SaaS portfolio to help mitigate security risks and protect your organization.

In this session from SaaSMe 2023, David Stoicescu, the Chief Information Security Officer at Deepwatch, discusses his SaaS management journey and how to start addressing SaaS security risks. 

Streamlining the Vendor Procurement Process and Gaining Visibility

One of Stoicescu’s biggest concerns coming into Deepwatch was how they could streamline the vendor procurement process. However, he also knew that they needed visibility into their data and to know who their vendors were. As we often say, you can’t manage what you don’t know is there. 

“I needed to understand what vendors we had. What were the terms for various agreements that were in place?” said Stoicescu. “For instance, from a security perspective and a third-party vendor risk perspective, what did the assessments of these vendors look like?” 

These questions and many more had to be answered before he could accurately assess Deepwatch’s risk exposure and tolerance. However, those answers weren’t forthcoming. He needed that visibility.

This is where partnering with Zylo came into play. Zylo provided the visibility and insights needed to get all the answers on the systems in play, third-party vendor risk, and an understanding of contractual terms. 

What’s more, it enabled them to centralize their contracts and application information in one place to build a comprehensive view of their tech stack to make more informed decisions. 

Understanding Shadow IT and Mitigating Risks

As CISO, Stoicescu naturally wanted to understand and mitigate risks, particularly those associated with shadow IT.

“Another big problem, or a pain point, that I didn’t necessarily have an answer to was shadow IT,” said Stoicescu. “So, who is purchasing? What applications exist that have been granted access to corporate, to employee, or to customer data?” 

Again, we see the importance of visibility when it comes to understanding and mitigating risks. 1 in 6 employees will expense SaaS, and those applications don’t always enter the environment with approval or oversight from IT. As such, they can pose significant security and compliance risks.

Stoicescu recognized this. Building that aforementioned visibility gave Deepwatch insight into who was purchasing applications and the data associated with those applications. Then, they could assess the previously unknown applications to make informed decisions on their usage. 

What’s more, visibility allowed Deepwatch to consolidate and reduce any unnecessary applications, mitigating the risks of shadow IT and providing cost-saving opportunities in the process. 

Building Better Relationships and Improving Collaboration

Throughout the session, Stoicescu emphasized the importance of building relationships and collaboration across lines of business.

As a CISO with previous IT experience, he saw the importance of bridging the gap between IT and other departments for security and productivity, balancing security and user experience.

“On one side, you want to ensure that you’ve got everything buttoned up and you’re protecting the business,” said Stoicescu. “But on the other side, you want to ensure that you’re creating a really good experience for your staff, because a very productive staff is going to be a very happy staff that is ultimately going to provide the best experiences for your customers – and that’s really, really important.” 

As such, he went on to discuss how he made it a point to work closely with his peers such as the CFO, CIO, and CTO to evangelize the importance of SaaS management for risk mitigation. 

Partnering with Zylo allowed them to facilitate this collaboration. Stoicescu was able to create a shared understanding and promote collaboration across the organization. 

And that provided benefits for each team beyond security. Finance saw cost-saving potential. The CIO enjoyed simplified reviews, and the organization as a whole was able to reduce unnecessary spending – saving $500,000 in less than a year. 

Visibility Drives SaaS Security Risk Mitigation

Throughout Stoicescu’s SaaS management journey at Deepwatch, they consolidated applications, reduced costs and security risks, and created a one-stop shop for contract management and procurement, all of which was made possible through the power of complete visibility into their SaaS portfolio. 

Visibility is a must-have for any organization that wants to understand where SaaS-related risks may hide. After all, you can’t address and mitigate risks if you don’t know they exist.

If you would like to hear more about how Deepwatch addresses SaaS risks, watch the full session here. For more on Stoicescu’s journey, check out his conversation with Chief Customer Officer Cory Wheeler on the SaaSMe Unfiltered podcast.
