- John Harden
Monitor SaaS Shadow IT so Dark Web Alerting Isn’t Informing You of It.
SaaS companies are always talking about how great their products are. They have all the features, and their software is easy to use and affordable. But one thing that they don’t talk about is how safe your information will be with them. With 100% certainty, some of them will have a data breach at some point in time. And when the vendor is part of this breach, there’s not a lot your company can do to prevent it from affecting you if your client’s data is on the Dark Web. That’s why being proactive with Shadow IT Monitoring and SaaS Assessments for all of your SaaS vendors is vita
In many cases, MSPs rely on Dark Web monitoring tools to know when data is exposed, and they’re often reacting after it’s far too late. According to MSP360, MSPs should be leveraging the dark web as a sales tactic, but have you considered proactive Shadow IT monitoring as a more effective sales tactic? Don’t wait for the data to be exposed; imagine if you could react the same day for your clients.
You see a news story about one seemingly every day. Often, it’s a company you use or have heard of. But, if the story is about a SaaS vendor that provides services to your customers, it may impact your client.
So many of these stories are popping up because there has been an increase in the number of data breaches and third-party vendors exposing data. According to the Ponemon Institute’s 2019 Cost of Data Breach Study: Global Analysis (which was recently published), there has been an increase from 20% in 2018 to 25% in 2019 for third-party vendor data breaches by hackers compared to internal employee errors resulting in data loss or theft (48%). In addition, only 39% knew when their data was part of a data breach, whereas 57% found out accidentally through other channels such as social media (59%), emails from customers asking if they were affected by specific events (59%) or notifications from regulators such as the FTC.
And when they do, they’re not all that talked about, possibly because there isn’t much those companies can do to recover from the fallout of a breach at another company.
You might think that vendors and service providers are safe from having your data hacked, but this isn’t always the case. Even worse, third-party vendors have access to client data in many cases. And when they do get hacked, as was the case with Hubspot earlier this year and Mailchimp more recently, there is minimal coverage of their breaches.
It’s possible that because SaaS providers are the ones who have all of this customer data, they’re more likely to be nervous about openly communicating at all. This leads to the organizations using their SaaS being in the dark when potentially critical business data is lost. Not only this, but an alert is where it stops; traditionally, the vendors are not coaching clients on how to react to their data breach. See our guide to responding to a vendor breach if you are curious about how you should.
Being proactive with Shadow IT Monitoring and SaaS Assessments for your client’s Shadow IT is the best way to avoid a public relations nightmare for their business if there is ever a third-party breach of your client’s data.
You can’t control what your vendors do, but you can be proactive about monitoring your customer’s usage of them. For example, suppose you are concerned about the vendor’s security practices. In that case, it’s best to ensure that they have a transparent relationship with your customers and know what data is in these applications.
As for the clients themselves, there are often many moving parts involved. So it’s essential to make sure that there is some process in place where information technology departments can communicate to you, their MSP, how they adopt third-party vendors.
In the end, there are many ways to protect your clients from the fallout of a third-party data breach. The best way is to manually monitor any breaches that may affect you and then act accordingly. If this is not feasible for your business, consider regularly using other automated methods such as Shadow IT monitoring or SaaS assessments.