Zygon helps startups avoid data breaches from SaaS providers

-Gudstory


Last week, cloud computing company Shadow confirmed a data breach involving customers’ personal information. The hacker claims to have access to the data of more than 530,000 customers. According to an email from Shadow CEO Eric Seeley, the hacker managed to download this data from the API of a software-as-a-service (SaaS) provider. This is just the latest example in a long list of data breaches that have affected companies of all sizes.

And if you’re a tech CEO, you probably don’t want to be in that position. In the current regulatory landscape, you often have to notify privacy watchdogs and navigate regulatory obligations. More importantly, you risk losing the trust of your customers when you notify them of a breach.

That’s why Zygon caught my attention. This new French startup reviews all SaaS applications used by your team – and it doesn’t just focus on official services because it can identify shadow SaaS services that some teams have been quietly using without telling the IT department.

At first, I thought Zygon might be particularly useful as a cost-saving service. Since many VC firms are still pursuing deals that would have made sense a few years ago, some startups are actively reviewing their SaaS contracts to see if they can cancel some subscriptions and extend their runway.

But the startup wants to go beyond this initial use and become a security startup for your SaaS services. Zygon recently raised a seed round of $3 million led by Accelio Capital, with Kima Ventures and several business angels also participating.

Visibility on shadow IT

After the initial inventory process, Zygon customers get a dashboard with all SaaS applications with the number of users per application.

“We’re using the metadata of employee emails, we go through the entire email history and find the ones that correlate with SaaS usage,” Kevin Smouts, Zygon’s co-founder and chief product officer, told me.

For SaaS applications that are tied to an official identity management solution, such as Okta, Zygon will not be particularly useful. But some SaaS startups have been particularly successful in recent years because it takes just minutes to create an account and get started.

They are taking advantage of this by promoting bottom-up adoption with freemium plans, self-service usage, and virality features. Dropbox, Zoom or Notion are popular examples of this trend.

And SaaS proliferation creates three different issues for businesses – security, legal and cost.

Instead of building integrations with every single SaaS product on earth, Zygon is using the same approach and decentralizing security across the entire organization. Zygon encourages you to designate SaaS administrators. From now on, they are in charge of the use of a specific tool in the organization.

They get recommendations on security configuration tasks, multi-factor authentication, and more. For popular apps, IT departments can take over as administrators, prioritize the rollout of SSO authentication to control account orchestration, and more.

More generally speaking, Zygon brings some form of control over SaaS usage. If someone has multiple accounts for the same service, Zygon can flag that. Zygon can also identify if multiple employees are sharing an account. And if a company wants to comply with SOC 2 and ISO frameworks, Zygon can reduce risks by reducing the attack surface.

Zygon can be especially useful when someone leaves a job or when there is a wave of layoffs. It may list services that are still active after an employee leaves the company.

“In the current situation, IT is only in control of a very small number of SaaS applications. And most accounts remain active long after employees leave – in the current context of layoffs, these are major security lapses. We proceed by finding out which SaaS applications have APIs or access keys that also need to be ‘roamed’ in the event of an employee’s departure,” Smouts said.
