Problems with securing Cloud Applications – Tales from the Real World
August 17, 2018 | By Deepak Balakrishna
At Adya we are focused on helping enterprises address management and security problems of Cloud Applications. We are excited to be pioneers of a new market – Cloud Applications Management. We believe that enterprises need a single pane of glass to effectively manage and secure the wide range of SaaS applications that they are deploying.
For us entrepreneurs, it is always heartening to get real-world validation from the market. Here are a few use cases and stories from customers and prospects as they deployed Adya.
#1 – The consultant who never leaves
A Bay Area tech firm with over 400 employees realized that over 100,000 documents (out of a total of a million documents) were still accessible by an outside consultant who had not worked there for over a year. She was added to an internal group and was not removed from it after her contract had ended. As documents continued to be shared with that group, she was given access to them. This is a problem of not offboarding users cleanly – thus leaving data exposed.
#2 – An ex-employee who really, REALLY wants to “stay connected”
At a 200 person IT startup, the IT team discovered that an employee who had left the company more than 6 months previously had, prior to his departure, shared all of his documents with his personal email so he would continue to have access to them after his departure. Such malicious activities are unfortunately surprisingly common.
#3 – The super-committed marketing manager
The IT team saw that their marketing manager had shared all of their marketing documents – over 20,000 of them – with the world (via public sharing on Google drive). Anyone in the world had access to these documents. Digging deeper, they uncovered that the marketing manager had been asked by his manager to share the marketing folder widely. The manager took it quite literally and applied a very liberal sharing policy.
#4 – Dangerous applications reading email
At another one of our customers, they were receiving fake invoices over email that looked very convincing. They believed there was some malware or some application installed that was reading their employees’ emails. As part of the IT team’s effort to determine the root cause, they discovered that over 25 applications were installed by employees using their G Suite credentials that had been authorized to read the email! This was a huge exposure that they were previously completely unaware of.
#5 – Problems with too much churn
Another customer is a rapidly growing startup that is experiencing significant employee churn as a result. With a very small IT team, the company had no effective means to cleanly offboard employees and onboard new employees. This caused several problems where new employees did not have the right set of privileges and where ex-employees still had access.