In the wake of a recent data breach involving cloud computing company Shadow, which compromised the personal information of over 530,000 customers, the need for stronger security measures has become apparent. Startups and companies of all sizes are vulnerable to data breaches, which not only result in regulatory obligations but also cause a loss of trust from clients. Recognizing this issue, a new French startup called Zygon has emerged to help startups protect themselves from data breaches originating from software-as-a-service (SaaS) providers.
Key Takeaway
Zygon is a French startup that helps startups safeguard against data breaches originating from SaaS providers. By reviewing all SaaS applications used by a team, including shadow SaaS services, Zygon provides startups with greater control over their SaaS usage. The platform decentralizes security and encourages companies to designate SaaS admins who can monitor specific tools within the organization. Zygon also helps identify potential security risks during employee departures, making it an essential tool for startups aiming to protect their sensitive data.
Identifying Shadow SaaS Services
What sets Zygon apart is its ability to review all the SaaS applications used by a startup’s team. This includes not only official services but also shadow SaaS services that may be used without the knowledge of the IT department. After a comprehensive inventory process, Zygon presents a dashboard that lists every SaaS application in use, along with the number of users for each application.
Zygon’s co-founder and Chief Product Officer, Kevin Smouts, explained that the startup leverages employee email metadata to identify SaaS usage. This method helps identify SaaS applications that may not be connected to the official identity management solution, making Zygon especially valuable for startups.
Decentralizing Security
Instead of attempting to integrate with every SaaS product available, Zygon takes a decentralized approach to security. It encourages startups to designate SaaS admins who are responsible for overseeing the usage of specific tools within the organization. These admins receive recommendations regarding security configuration tasks, multi-factor authentication, and more.
For popular applications, the IT department can take on the role of admins, allowing them to prioritize the rollout of single sign-on (SSO) authentication and control account orchestration. Zygon’s approach gives organizations greater control over SaaS usage and makes it possible to identify employees with multiple accounts or those who share accounts. The platform also helps companies comply with security frameworks like SOC 2 and ISO, minimizing potential attack surfaces.
The Importance of Zygon During Employee Departures
Zygon also proves valuable when employees quit or layoffs occur. It can identify which services are still active post-departure, highlighting potential security risks. Smouts explained, “Most accounts remain active for a very long time after employees’ departures – in the current context of layoffs, these are gaping security holes. We go further by detecting which SaaS applications have APIs or access keys that also need to be ‘rotated’ in the event of an employee departure.”