Introducing Obsidian Integration Risk Management: Reducing the Risk of Third-Party SaaS Integrations

Third-party SaaS integrations are an essential component of many organizations’ operations, enabling them to improve efficiency and streamline workflows. However, these integrations can also introduce significant security risks, potentially exposing sensitive data to external threats.

At Obsidian, we recognize the need for a comprehensive solution to address these risks, which is why we are excited to introduce our new product, Obsidian Integration Risk Management™, designed specifically to minimize the risk of third-party SaaS integrations.

On average, Obsidian customers reduce SaaS integration risk by over 80%.

Threat vectors are evolving from targeting user-application interfaces to third-party SaaS integrations

Integrations, not users, are responsible for the majority of data movement within and out of an enterprise. More business critical data now flows between SaaS integrations than between users and applications. 

Before deploying Integration Risk Management, Obsidian customers have on average 900 OAuth integrations to Google, 750 to Microsoft, and 150 to Salesforce. We have also seen some customer deployments with nearly 20,000 integrations to their core SaaS applications. We find that over 70% of these integrations are inactive (90+ days with no activity).

Employees connect third-party vendors (via OAuth) to core SaaS platforms (such as Salesforce, Microsoft 365, Google Workspace, etc.), placing trust, intentionally or unknowingly, in that vendor, in its security standards, and in the assumption that the access granted to it will not be abused.

Conversely, IT organizations often create and use integrations to carry out highly privileged tasks such as provisioning, data migration, and business application development.

The privileged access endowed on these internal integrations is a desirable target for adversaries – as exemplified in the StellarParticle campaign (and recent breaches that targeted Mailchimp, CircleCI, Okta, Slack, GitHub, and Digital Ocean to name a few).

The blind spot in SaaS security

But just as app-to-app connectivity proliferates rapidly, traditional security solutions that protect the user-application interface continue to fall short, leaving improperly secured third-party connections open to potential attacks, data breaches and compliance violations.

One of the main challenges that organizations face when it comes to third-party SaaS integrations is the lack of visibility and control. With a wide range of applications and integrations being used across different departments, it can be challenging to track which applications are being used and what data is being shared. This lack of visibility and control creates a significant security risk, as sensitive data could be exposed through a vulnerable integration without the organization even being aware of it.

Another challenge is the complexity of managing integrations across different SaaS platforms. Each platform has its own unique set of rules and regulations when it comes to managing integrations, which can create significant difficulties when trying to ensure compliance and security across all integrations.

Reduce the risk of data breaches and compliance violations due to third-party SaaS with Obsidian

When we spoke with CISOs, we heard repeatedly that they were struggling to keep up with the proliferation of third-party SaaS integrations and the risk they posed to their organizations. Security teams can’t protect what they can’t see. They expressed concerns about the lack of visibility and control they had over these integrations, as well as the complexity of managing them across different SaaS platforms.

Our aim with Integration Risk Management is to solve that. We want to give security teams the ability to discover integrations, continuously monitor risk, and prune unsanctioned applications. 

Discover Integrations

Obsidian starts with a consolidated inventory of every integration—third-party and internally developed applications, too—connected to central business-critical SaaS platforms such as Microsoft 365, Google Workspace, and Salesforce. We recognize that each of these core enterprise services introduces, manages, permits, and logs integrations differently, which is why Obsidian navigates and resolves these discrepancies to present security teams with a clear list. Additional filtering options give analysts the flexibility to dig into specific concerns like inactive applications or integrations that need review.

Continuously Monitor Risk

The risk these integrations pose to an enterprise is not static. New integrations can be added, or existing integrations can expand their risk in terms of data access, user adoption, or permissions. Obsidian assesses a wide variety of factors for each integration in order to better understand and quantify levels of risk. We closely analyze an integration’s access into your environment, the authenticity of its authorship or creation, its method of authentication, the data it’s associated with, and its activity history—what exactly is it doing? These and several other considerations ultimately contribute to a single aggregate risk score ranging in severity from low to critical. This allows security teams to more efficiently prioritize the review and remediation of connections that pose the greatest potential threat. At the same time, Obsidian provides a detailed list of each factor contributing to the aggregate risk score, for total transparency and a more effective security team review. Given the dynamic nature of SaaS integrations, Obsidian continuously reassesses risk scores to help teams stay ahead of changing levels of access and emergent threat vectors.

Uncover Unsanctioned Applications

Especially in organizations where the addition and implementation of new integrations isn’t monitored or tightly regulated by security, the ability for any user to connect a new application—no matter how harmless they might think it is—can introduce significant risk to your environment. Obsidian uncovers the deployment of unsanctioned integrations while providing important supporting details around ownership, access, and security approval. Security teams will have immediate answers to any of their questions when investigating these unsanctioned connections: Is this application owned by an internal stakeholder, or a third party? Who is the publisher of this integration, and are they verified? When was this integration added, and when was it last active? Was this integration reviewed and approved by an administrator?
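The three capabilities described above (a consolidated inventory that reconciles how each platform records integrations, an explainable aggregate risk score built from factors such as data access, publisher verification, authentication method and activity, and a flag for connections that were never reviewed by an administrator) can be sketched in a few dozen lines. The following is an added, illustrative example written for this post; it is not Obsidian's product logic. The per-platform field names in `KEY_MAP`, the factor weights, the severity thresholds and the sample records are all assumptions constructed for the example, and the watch-list of "broad" scopes is our choice even though the scope names themselves are real Google, Microsoft Graph and Salesforce scopes.

```python
"""Added example: normalize OAuth integration records from several SaaS
platforms into one inventory, flag inactive and unsanctioned ones, and roll
per-integration risk factors up into an aggregate, explainable score.
Illustrative code, not Obsidian's; field names, weights and thresholds are assumed."""
from __future__ import annotations
from dataclasses import dataclass
from datetime import date

INACTIVITY_DAYS = 90  # "inactive" as defined in the text: 90+ days without activity

# Scopes treated as broad access to data. The scope names are real Google,
# Microsoft Graph and Salesforce scopes; which ones count as "broad" is an assumption.
BROAD_SCOPES = {
    "https://www.googleapis.com/auth/drive", "https://mail.google.com/",   # Google
    "Directory.ReadWrite.All", "Mail.ReadWrite",                            # Microsoft Graph
    "full",                                                                  # Salesforce
}

# Hypothetical per-platform field names for attributes each platform logs differently.
KEY_MAP = {
    "google":     {"name": "displayText", "scopes": "scopes",      "last_active": "lastUsed"},
    "microsoft":  {"name": "displayName", "scopes": "permissions", "last_active": "lastSignIn"},
    "salesforce": {"name": "Name",        "scopes": "Scopes",      "last_active": "LastUsedDate"},
}


@dataclass(frozen=True)
class Integration:
    name: str
    platform: str
    scopes: frozenset[str]
    publisher_verified: bool
    internal_owner: str | None   # None means third party or unknown owner
    auth_method: str             # "secret", "api_key" or "certificate"
    admin_approved: bool
    added: date
    last_active: date | None


def normalize(platform: str, raw: dict) -> Integration:
    """Map one platform's record onto the common schema. Attributes not in KEY_MAP
    are assumed (for this example) to already share a name across platforms."""
    k = KEY_MAP[platform]
    return Integration(
        name=raw[k["name"]], platform=platform, scopes=frozenset(raw[k["scopes"]]),
        publisher_verified=raw["publisher_verified"], internal_owner=raw.get("internal_owner"),
        auth_method=raw["auth_method"], admin_approved=raw["admin_approved"],
        added=raw["added"], last_active=raw.get(k["last_active"]),
    )


def is_inactive(i: Integration, today: date) -> bool:
    """Integrations that were never used count as inactive too."""
    return i.last_active is None or (today - i.last_active).days >= INACTIVITY_DAYS


def risk_factors(i: Integration, today: date) -> list[tuple[str, int]]:
    """Every contributing factor with its (assumed) weight, so the score stays explainable."""
    f: list[tuple[str, int]] = []
    broad = sorted(i.scopes & BROAD_SCOPES)
    if broad:
        f.append(("broad data access: " + ", ".join(broad), 40))
    if not i.publisher_verified:
        f.append(("publisher not verified", 20))
    if i.internal_owner is None:
        f.append(("no internal owner (third party)", 10))
    if i.auth_method in ("secret", "api_key"):
        f.append((f"long-lived {i.auth_method} credential", 15))
    if not i.admin_approved:
        f.append(("not reviewed or approved by an administrator", 15))
    if is_inactive(i, today):
        f.append((f"inactive {INACTIVITY_DAYS}+ days", 10))
    return f


def severity(score: int) -> str:
    """Assumed thresholds for the low-to-critical scale."""
    return "critical" if score >= 70 else "high" if score >= 45 else "medium" if score >= 20 else "low"


def assess(i: Integration, today: date) -> dict:
    factors = risk_factors(i, today)
    score = min(100, sum(w for _, w in factors))
    return {"name": i.name, "platform": i.platform, "score": score,
            "severity": severity(score), "factors": [n for n, _ in factors],
            "inactive": is_inactive(i, today), "unsanctioned": not i.admin_approved}


def build_inventory(raw_by_platform: dict[str, list[dict]], today: date) -> list[dict]:
    """Consolidated inventory across platforms, highest risk first."""
    rows = [assess(normalize(p, r), today) for p, recs in raw_by_platform.items() for r in recs]
    return sorted(rows, key=lambda r: r["score"], reverse=True)


# Constructed sample records (not real customer data).
TODAY = date(2023, 3, 1)
SAMPLE_RAW = {
    "google": [{"displayText": "Acme Calendar Sync",
                "scopes": ["https://www.googleapis.com/auth/calendar.readonly"],
                "publisher_verified": True, "auth_method": "secret", "admin_approved": True,
                "added": date(2022, 6, 1), "lastUsed": date(2023, 2, 27)}],
    "microsoft": [{"displayName": "Mailbox Migration Tool",
                   "permissions": ["Directory.ReadWrite.All", "Mail.ReadWrite"],
                   "publisher_verified": False, "internal_owner": "it-ops",
                   "auth_method": "secret", "admin_approved": True,
                   "added": date(2022, 1, 15), "lastSignIn": date(2022, 9, 30)}],
    "salesforce": [{"Name": "Lead Enricher", "Scopes": ["full"],
                    "publisher_verified": False, "auth_method": "api_key",
                    "admin_approved": False, "added": date(2023, 2, 20),
                    "LastUsedDate": date(2023, 2, 28)}],
}


def sample_report() -> list[dict]:
    return build_inventory(SAMPLE_RAW, TODAY)


if __name__ == "__main__":
    for row in sample_report():
        print(f"{row['severity']:>8} {row['score']:>3}  {row['platform']:<10} {row['name']}")
        for factor in row["factors"]:
            print(f"{'':15}- {factor}")
```

Two design points carry over to any real implementation: the score is a sum of named factors rather than an opaque number, so a reviewer can see why an internally owned, approved migration tool still ranks critical (broad directory and mail access, an unverified publisher, a long-lived secret, and no activity for five months); and `is_inactive` treats a missing last-activity timestamp as inactive, because an integration that holds a grant it has never exercised is exactly the kind of standing access worth pruning. Re-running `build_inventory` on a schedule is what turns this from a one-off audit into continuous reassessment.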

Secure your sensitive data now

Sensitive data stored in third-party integrations is particularly vulnerable, as it is often overlooked and under-protected. Without the right tools in place to monitor and manage these integrations, organizations risk becoming another example of the many that have suffered data breaches and compliance violations.

Contact us today to learn more about how Obsidian can help you secure your third-party integrations and protect your sensitive data. And if you’re passionate about solving security challenges and interested in joining our team, we’re currently hiring.