[{"data":1,"prerenderedAt":1475},["ShallowReactive",2],{"application-flags":3,"navbar":7,"always-visible-banner":36,"navbar-about-highlight":108,"navbar-resource-highlight":182,"blog/from-launch-to-series-a":226},[4],{"name":5,"enabled":6},"maintenanceMode",false,[8],{"createdDate":9,"id":10,"name":11,"modelId":12,"published":13,"query":14,"data":15,"variations":20,"lastUpdated":21,"firstPublished":22,"testRatio":23,"createdBy":24,"lastUpdatedBy":25,"folders":26,"meta":27,"rev":35},1742208588866,"1c7a4e423bf54ac1a328bb4063459ef2","Banner","1c6207a5f24948ab82d4a0b17f251193","published",[],{"type":16,"url":17,"text":18,"link":19},"web-banner","https://pushsecurity.com/resources/browser-attacks-report","Get our latest report analyzing browser attack techniques in 2026",{},{},1774258294825,1742208637545,1,"CydmZnOWU1XuAaLhEDCoYNM4Z8W2","jKjF9r5jcvXU8tzZEfFQm31Iyvr2",[],{"kind":28,"lastPreviewUrl":29,"breakpoints":30,"hasAutosaves":34},"data","",{"xsmall":31,"small":32,"medium":33},320,640,768,true,"ga0kpxjhh76",{"createdDate":37,"id":38,"name":39,"modelId":40,"published":13,"stageModifiedSincePublish":6,"query":41,"data":42,"variations":97,"lastUpdated":98,"firstPublished":99,"testRatio":23,"createdBy":100,"lastUpdatedBy":101,"folders":102,"meta":103,"rev":107},1774965361051,"fd266d0172cc47429be7ad10f48c99ad","always visible banner","0678d178ec8b41efb8a23c09dba7874d",[],{"ctaText":43,"text":44,"url":29,"blocks":45,"state":93},"ewrererw","testrfesssssssssss",[46,73,81],{"@type":47,"@version":48,"id":49,"component":50,"responsiveStyles":63},"@builder.io/sdk:Element",2,"builder-ca12c06a52de41d7b8743da53118cd38",{"name":51,"tag":51,"options":52,"isRSC":62},"TopBannerContent",{"text":53,"ctaText":54,"url":55,"mainText":56,"cta":59},"New Webinar Series: Join John Hammond, Troy Hunt, and Matt Johansen for the State of Browser Attacks","Save Your Spot","https://pushsecurity.com/webinar/state-of-browser-security",{"content":57,"fontSize":58},"\u003Cp>Meet Push's browser security experts at BlackHat 2026.\u003C/p>","text-base",{"content":60,"fontSize":58,"url":61},"\u003Cp>Book a meeting →\u003C/p>","https://pushsecurity.com/events/blackhat-2026-meeting",null,{"large":64},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"marginTop":70,"marginBottom":70,"fontSize":71,"fontWeight":72},"flex","column","relative","0","border-box",".56rem","1.125rem","700",{"@type":47,"@version":48,"id":74,"component":75,"responsiveStyles":79},"builder-a2e1f4b9f30b464bb814d7f5de5b0aa7",{"name":76,"options":77,"isRSC":62},"Custom Code",{"code":78,"scriptsClientOnly":6},"\u003Cstyle>\n  .top-banner.bg-web-orange{background:rgb(114, 79, 255);}\n\u003C/style>\n",{"large":80},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"id":82,"@type":47,"tagName":83,"properties":84,"responsiveStyles":88},"builder-pixel-o503s4fpvk","img",{"src":85,"aria-hidden":86,"alt":29,"role":87,"width":68,"height":68},"https://cdn.builder.io/api/v1/pixel?apiKey=f3a1111ff5be48cdbb123cd9f5795a05","true","presentation",{"large":89},{"height":68,"width":68,"display":90,"opacity":68,"overflow":91,"pointerEvents":92},"block","hidden","none",{"deviceSize":94,"location":95},"large",{"path":29,"query":96},{},{},1783541846936,1774968080803,"ST0tXQM8slWpFrmioqKHmENB2qe2","kYgMv6WsbvfmlOUYqR2SFwGzw6e2",[],{"kind":104,"lastPreviewUrl":105,"hasLinks":6,"breakpoints":106,"hasErrors":6,"hasAutosaves":6},"component","https://pushsecurity.com/?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CcreateProjects%2CsendPullRequests&builder.user.role.name=Designer&builder.user.role.id=creator&builder.cachebust=true&builder.preview=always-visible-banner&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.always-visible-banner=fd266d0172cc47429be7ad10f48c99ad&builder.overrides.fd266d0172cc47429be7ad10f48c99ad=fd266d0172cc47429be7ad10f48c99ad&builder.options.locale=Default",{"xsmall":31,"small":32,"medium":33},"kyujw1aptq",[109,145],{"createdDate":110,"id":111,"name":112,"modelId":113,"published":13,"stageModifiedSincePublish":6,"query":114,"data":115,"variations":138,"lastUpdated":139,"firstPublished":140,"testRatio":23,"createdBy":24,"lastUpdatedBy":24,"folders":141,"meta":142,"rev":144},1776247359804,"9136a8f18b3b4a6ba29b8653a99372b1","testimonial-inductive-automation","20d9eaa352304613b3d1a794b400703d",[],{"link":116,"type":117,"testimonialLink":118,"testimonial":119},{},"testimonial","/customer-stories/inductive-automation",{"@type":120,"id":121,"model":117,"value":122},"@builder.io/core:Reference","f028f2b685bb47cd8bf9e82a26dd5a79",{"query":123,"folders":124,"createdDate":125,"id":121,"name":126,"modelId":127,"published":13,"data":128,"variations":132,"lastUpdated":133,"firstPublished":134,"testRatio":23,"createdBy":100,"lastUpdatedBy":100,"meta":135,"rev":137},[],[],1735823466309,"We found Push to be more accurate when compared to competitors and the browser agent offered features that others couldn’t match.","42035571a56940ac98bff4544aa79aa5",{"author":129,"jobTitle":130,"quote":126,"image":131},"Jason Waits","\u003Cp>CISO at Inductive Automation\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Ff04c0c0689ce4a89ac0f0708d78c0a07",{},1735910703862,1735823501152,{"kind":28,"lastPreviewUrl":29,"breakpoints":136,"hasAutosaves":34},{"small":32,"medium":33},"e8bsg4qrgtu",{},1776247404986,1776247404973,[],{"breakpoints":143,"kind":28,"lastPreviewUrl":29,"hasAutosaves":6},{"xsmall":31,"small":32,"medium":33},"g9lqcuxphw7",{"createdDate":146,"id":147,"name":148,"modelId":113,"published":13,"meta":149,"stageModifiedSincePublish":6,"query":151,"data":152,"variations":178,"lastUpdated":179,"firstPublished":180,"testRatio":23,"createdBy":24,"lastUpdatedBy":24,"folders":181,"rev":144},1776255761419,"05a9322735fc427db12e2740e4302300","Report: 2026 Browser Attack Techniques",{"breakpoints":150,"kind":28,"lastPreviewUrl":29,"hasAutosaves":6},{"xsmall":31,"small":32,"medium":33},[],{"testimonial":153,"link":172,"type":175,"title":148,"description":176,"image":177},{"@type":120,"id":154,"model":117,"value":155},"192acbb1f9ca4cac918c0ec435a8bae3",{"query":156,"folders":157,"createdDate":158,"id":154,"name":159,"modelId":127,"published":13,"data":160,"variations":166,"lastUpdated":167,"firstPublished":168,"testRatio":23,"createdBy":100,"lastUpdatedBy":24,"meta":169,"rev":171},[],[],1728981467463,"Push does for identity what CrowdStrike did for the endpoint",{"video":161,"jobTitle":162,"author":163,"qoute":29,"quote":164,"image":165},"https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F8b30e8ca50064058bbaef0f3c6164575%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=8b30e8ca50064058bbaef0f3c6164575&alt=media&optimized=true","\u003Cp>Deputy CISO at Microsoft\u003C/p>\u003Cp>Former LinkedIn, Slack, Palantir\u003C/p>","Geoff Belknap","Push does for identity what CrowdStrike did for the endpoint.","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F748f0ad0a5064a00a13f4721fcc8dea1",{},1742902158597,1728981782923,{"kind":28,"lastPreviewUrl":29,"breakpoints":170,"hasAutosaves":34},{"small":32,"medium":33},"ulhc0im1hfo",{"text":173,"url":174},"Download now","/resources/browser-attacks-report","resource","Learn about the latest techniques being used in the wild.","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F7b4a5ebf81d64e8c9d7fc35f6c96c4a9",{},1776255810913,1776255810900,[],[183,205],{"createdDate":184,"id":185,"name":148,"modelId":186,"published":13,"meta":187,"stageModifiedSincePublish":6,"query":189,"data":190,"variations":200,"lastUpdated":201,"firstPublished":202,"testRatio":23,"createdBy":24,"lastUpdatedBy":24,"folders":203,"rev":204},1776256900280,"1f429607996e4e5fae8fe3f9b9610e55","4829faa81e7c4ee8bd2d000e160e8d3c",{"breakpoints":188,"kind":28,"lastPreviewUrl":29,"hasAutosaves":6},{"xsmall":31,"small":32,"medium":33},[],{"testimonial":191,"link":199,"type":175,"title":148,"description":176,"image":177},{"@type":120,"id":154,"model":117,"value":192},{"query":193,"folders":194,"createdDate":158,"id":154,"name":159,"modelId":127,"published":13,"data":195,"variations":196,"lastUpdated":167,"firstPublished":168,"testRatio":23,"createdBy":100,"lastUpdatedBy":24,"meta":197,"rev":171},[],[],{"video":161,"jobTitle":162,"author":163,"qoute":29,"quote":164,"image":165},{},{"kind":28,"lastPreviewUrl":29,"breakpoints":198,"hasAutosaves":34},{"small":32,"medium":33},{"text":173,"url":174},{},1776256937553,1776256937540,[],"xggsv10v1q9",{"createdDate":206,"id":207,"name":208,"modelId":186,"published":13,"stageModifiedSincePublish":6,"query":209,"data":210,"variations":220,"lastUpdated":221,"firstPublished":222,"testRatio":23,"createdBy":24,"lastUpdatedBy":24,"folders":223,"meta":224,"rev":204},1776256949234,"ce043785b71b4ece98eac811ecf4ba10","inductive-automation",[],{"link":211,"type":117,"testimonial":212,"testimonialLink":118},{},{"@type":120,"id":121,"model":117,"value":213},{"query":214,"folders":215,"createdDate":125,"id":121,"name":126,"modelId":127,"published":13,"data":216,"variations":217,"lastUpdated":133,"firstPublished":134,"testRatio":23,"createdBy":100,"lastUpdatedBy":100,"meta":218,"rev":137},[],[],{"author":129,"jobTitle":130,"quote":126,"image":131},{},{"kind":28,"lastPreviewUrl":29,"breakpoints":219,"hasAutosaves":34},{"small":32,"medium":33},{},1776256974140,1776256974130,[],{"breakpoints":225,"kind":28,"lastPreviewUrl":29,"hasAutosaves":6},{"xsmall":31,"small":32,"medium":33},{"id":227,"title":228,"authorsCollection":229,"content":237,"extension":855,"faqItemsCollection":856,"faqTitle":62,"featured":6,"hashTags":62,"meta":858,"metaTitle":859,"ogImage":62,"publishedDate":860,"relatedBlogPostsCollection":861,"slug":1449,"stem":1450,"subtitle":62,"summary":1451,"synopsis":1462,"sys":1463,"tagsCollection":1466,"__hash__":1474},"blog/blog/from-launch-to-series-a.json","From launch to series A ",{"items":230},[231],{"fullName":232,"firstName":233,"jobTitle":234,"profilePicture":235},"Adam Bateman","Adam","Co-founder / CEO",{"url":236},"https://images.ctfassets.net/y1cdw1ablpvd/3Bt9feB72kxdWlS0hvpldi/904bdb8b20d98e53c574f8be2f60996b/Push_Founders_at_Cahoots_October_28_2022_by_Doug_Coombe-20.jpg",{"json":238,"links":790},{"data":239,"content":240,"nodeType":789},{},[241,280,287,295,316,323,330,336,370,377,384,401,408,415,460,466,474,481,488,504,511,518,525,531,538,545,552,559,566,572,579,622,629,636,642,649,656,663,669,676,683,690,696,703,710,717,724,740,756],{"data":242,"content":243,"nodeType":279},{},[244,249,258,262,275],{"data":245,"marks":246,"value":247,"nodeType":248},{},[],"We’re proud to share that we’ve locked in our ","text",{"data":250,"content":252,"nodeType":257},{"uri":251},"https://techcrunch.com/2023/04/03/push-security-raises-15m-to-help-saas-users-lower-their-online-vulnerability/",[253],{"data":254,"marks":255,"value":256,"nodeType":248},{},[],"Series A round","hyperlink",{"data":259,"marks":260,"value":261,"nodeType":248},{},[],", led by GV (Google Ventures). We’ve learned a lot about what our customers need since we ",{"data":263,"content":269,"nodeType":274},{"target":264},{"sys":265},{"id":266,"type":267,"linkType":268},"1LWXA4OL7v5bqsS4acnnpr","Link","Entry",[270],{"data":271,"marks":272,"value":273,"nodeType":248},{},[],"launched in July 2022","entry-hyperlink",{"data":276,"marks":277,"value":278,"nodeType":248},{},[]," - they want to help employees use SaaS more securely, of course, but they also need centralized visibility and the ability to make good decisions around the use of SaaS by knowing how their employees are using it. ","paragraph",{"data":281,"content":282,"nodeType":279},{},[283],{"data":284,"marks":285,"value":286,"nodeType":248},{},[],"Most security-savvy organizations have a fairly good handle on IT-owned and managed SaaS platforms (like Microsoft 365, Google Workspace, Salesforce, Slack, etc) and many have started using newer security solutions that discover the SaaS work apps that employees have started using and often integrated with those IT-owned platforms. ",{"data":288,"content":289,"nodeType":294},{},[290],{"data":291,"marks":292,"value":293,"nodeType":248},{},[],"The rise of PLG and how it impacts security ","heading-2",{"data":296,"content":297,"nodeType":279},{},[298,302,312],{"data":299,"marks":300,"value":301,"nodeType":248},{},[],"What they’ve been missing is the ",{"data":303,"content":305,"nodeType":257},{"uri":304},"https://openviewpartners.com/product-led-growth/",[306],{"data":307,"marks":308,"value":311,"nodeType":248},{},[309],{"type":310},"underline","rise of product-led growth",{"data":313,"marks":314,"value":315,"nodeType":248},{},[]," (PLG) - a popular sales motion that relies on the product itself as the primary driver for customer acquisition and conversion. Potential buyers sign up, integrate it, and experience the product value before going through any sales-cycle. ",{"data":317,"content":318,"nodeType":279},{},[319],{"data":320,"marks":321,"value":322,"nodeType":248},{},[],"The impact this has on security is that where in the past, employees would have needed to go centrally through procurement, which gives the security team an opportunity to assess the risk and determine whether or not the service would invalidate the organization’s security compliance. With PLG, employees can (and do) onboard sensitive applications themselves directly. This shift in buying behavior has contributed to a sharp increase of SaaS sprawl and shadow IT.",{"data":324,"content":328,"nodeType":329},{"target":325},{"sys":326},{"id":327,"type":267,"linkType":268},"1Dw4V0Fd0wI8yB6juzyWjg",[],"embedded-entry-block",{"data":331,"content":335,"nodeType":329},{"target":332},{"sys":333},{"id":334,"type":267,"linkType":268},"61Oj6GzX4amLxEJ5fPDJCq",[],{"data":337,"content":338,"nodeType":279},{},[339,343,349,353,358,362,366],{"data":340,"marks":341,"value":342,"nodeType":248},{},[],"PLG is also the norm for app-to-app integrations as well. In our data, we found that",{"data":344,"marks":345,"value":348,"nodeType":248},{},[346],{"type":347},"bold"," ",{"data":350,"marks":351,"value":352,"nodeType":248},{},[],"around 37% of Microsoft 365 app integrations were IT-approved and owned. ",{"data":354,"marks":355,"value":357,"nodeType":248},{},[356],{"type":347},"The rest (63%) were all employee-owned and consented to. ",{"data":359,"marks":360,"value":361,"nodeType":248},{},[],"That’s just looking at app-to-app integrations to the M365 tenant, so it doesn’t include all the SaaS apps accessed through the browser.",{"data":363,"marks":364,"value":348,"nodeType":248},{},[365],{"type":347},{"data":367,"marks":368,"value":369,"nodeType":248},{},[],"Sure, some of those apps are used by a whole team and may be on IT’s radar if the department head went through the proper security measures. But many may just be used by one person or a team is just signing up for a free trial. And even for those free/trial instances, the apps need to integrate with business apps and data to work and test, so they can present as much risk as any other app used in your environment.",{"data":371,"content":372,"nodeType":294},{},[373],{"data":374,"marks":375,"value":376,"nodeType":248},{},[],"What’s the risk of SaaS sprawl?",{"data":378,"content":379,"nodeType":279},{},[380],{"data":381,"marks":382,"value":383,"nodeType":248},{},[],"The unknowns - the old trope that you can’t protect what you don’t know is cliche for a reason - it’s true. Not every SaaS app or integration carries massive risk, but most apps employees are using to get important work done accesses sensitive data or need to integrate with business data, which is then shared with a third party in each instance.",{"data":385,"content":386,"nodeType":279},{},[387,391,397],{"data":388,"marks":389,"value":390,"nodeType":248},{},[],"Each app becomes an asset that security teams need to protect and each new account employees create forms part of the company’s public-facing attack surface. With PLG, apps are adopted ",{"data":392,"marks":393,"value":396,"nodeType":248},{},[394],{"type":395},"italic","before ",{"data":398,"marks":399,"value":400,"nodeType":248},{},[],"security get a chance to onboard them onto SSO, so weak user accounts employees have created are a potential entry point for an attacker.",{"data":402,"content":403,"nodeType":279},{},[404],{"data":405,"marks":406,"value":407,"nodeType":248},{},[],"This can be a high ROI technique for an attacker. Instead of burning client-side exploits and C2 infrastructure, an attacker kicks off an automated password scan against all popular SaaS apps and gets alerted each time they access an account. Attackers are also utilizing credential stuffing by taking a single compromised employee password and trying it against every popular SaaS service to extend their access. ",{"data":409,"content":410,"nodeType":279},{},[411],{"data":412,"marks":413,"value":414,"nodeType":248},{},[],"The sensitivity of these applications vary depending on their capability, but some particularly high-risk examples we’ve come across include:",{"data":416,"content":417,"nodeType":459},{},[418,429,439,449],{"data":419,"content":420,"nodeType":428},{},[421],{"data":422,"content":423,"nodeType":279},{},[424],{"data":425,"marks":426,"value":427,"nodeType":248},{},[],"Apps that access employee email - attackers can use this access to do account resets and compromise other SaaS apps.","list-item",{"data":430,"content":431,"nodeType":428},{},[432],{"data":433,"content":434,"nodeType":279},{},[435],{"data":436,"marks":437,"value":438,"nodeType":248},{},[],"Compromising development or testing tools that have access to API keys and production systems.",{"data":440,"content":441,"nodeType":428},{},[442],{"data":443,"content":444,"nodeType":279},{},[445],{"data":446,"marks":447,"value":448,"nodeType":248},{},[],"Compromising data warehouses, or any independent SaaS app that integrates back with that data warehouse.",{"data":450,"content":451,"nodeType":428},{},[452],{"data":453,"content":454,"nodeType":279},{},[455],{"data":456,"marks":457,"value":458,"nodeType":248},{},[],"Compromising marketing apps that can be used to control public facing assets such as the company social media account or website. ","ordered-list",{"data":461,"content":462,"nodeType":279},{},[463],{"data":464,"marks":465,"value":29,"nodeType":248},{},[],{"data":467,"content":468,"nodeType":473},{},[469],{"data":470,"marks":471,"value":472,"nodeType":248},{},[],"The Solution ","heading-1",{"data":475,"content":476,"nodeType":294},{},[477],{"data":478,"marks":479,"value":480,"nodeType":248},{},[],"Complete, real time, centralized visibility",{"data":482,"content":483,"nodeType":279},{},[484],{"data":485,"marks":486,"value":487,"nodeType":248},{},[],"To get a handle on the SaaS sprawl and shadow IT that the PLG movement has caused, security teams need complete visibility of every business application (SaaS apps, cloud apps, app-to-app integrations, etc.) employees are adopting, integrating with company data, and accessing through the browser.",{"data":489,"content":490,"nodeType":279},{},[491,495,500],{"data":492,"marks":493,"value":494,"nodeType":248},{},[],"Alongside visibility, security teams also need the option to turn on notifications to keep them up to date about potential security concerns around SaaS use in their organization. This provides security teams with near real-time visibility so they’re notified when someone has signed up for a new app. If an employee or team has been using an app for weeks or months, it can be much more difficult to migrate them to a more secure platform if security decides the risks outweigh the benefits for that app. It also means that security teams get to be part of the decision-making process again. So, even though the PLG model has put security in the mode of constantly having to play catch-up to do risk assessments ",{"data":496,"marks":497,"value":499,"nodeType":248},{},[498],{"type":395},"after",{"data":501,"marks":502,"value":503,"nodeType":248},{},[]," the app has been adopted, security teams can reclaim their role in the procurement process with timely notifications. ",{"data":505,"content":506,"nodeType":279},{},[507],{"data":508,"marks":509,"value":510,"nodeType":248},{},[],"The thing is, the notifications need to have enough information to be meaningful rather than just acting as another alert to distract them from their work. Enter channel messaging for security teams. ",{"data":512,"content":513,"nodeType":279},{},[514],{"data":515,"marks":516,"value":517,"nodeType":248},{},[],"Our new channel messaging feature tells security teams about new SaaS being onboarded, of course, but also provides useful security insights about that activity. If a new app is added to or integrated with the company’s Google Workspace or Microsoft 365 tenant, we can tell you in Slack or Teams, and we’ll also let you know if it’s low-risk or if it merits more investigation. ",{"data":519,"content":520,"nodeType":279},{},[521],{"data":522,"marks":523,"value":524,"nodeType":248},{},[],"In the case of app-to-app integrations, we’ve decided against providing an abstract risk score, which isn’t actually very helpful, and focused instead on tangible information on what data the integration exposes, so the security team can make the right risk assessment for their organization. See the example below:",{"data":526,"content":530,"nodeType":329},{"target":527},{"sys":528},{"id":529,"type":267,"linkType":268},"4e6ERBq2KkDpM8VxwIW3zV",[],{"data":532,"content":533,"nodeType":279},{},[534],{"data":535,"marks":536,"value":537,"nodeType":248},{},[],"We’ll also flag you if an integration is high-risk because it’s asking for excessive data permissions. For instance, one interesting data point we’ve discovered since launch: 23% of the Microsoft app-to-app integrations we discovered granted access to high-risk assets or data, such as email inboxes, and shared drives like OneDrive. For Google workspace, 17% were equally high-risk.",{"data":539,"content":540,"nodeType":279},{},[541],{"data":542,"marks":543,"value":544,"nodeType":248},{},[],"Security teams need complete SaaS visibility and foundational insights into the security impact of those apps used in their business. Couple that visibility with a user-centric approach to security and you’ve got baseline SaaS security covered, whether you’re a small business with no dedicated team or you’re an enterprise with a highly skilled, dedicated team that’s overburdened with constant alerts and struggling to make actual improvements to your company’s security posture.",{"data":546,"content":547,"nodeType":294},{},[548],{"data":549,"marks":550,"value":551,"nodeType":248},{},[],"Automate the fix by involving the user",{"data":553,"content":554,"nodeType":279},{},[555],{"data":556,"marks":557,"value":558,"nodeType":248},{},[],"The most sensible way we’ve found to scale SaaS security in an employee-adopted apps world is to put users at the center of helping to improve security. We prompt users at the right time to encourage them to take an action that will benefit an organization’s security, like updating their software or securing their user account with MFA or a stronger password.",{"data":560,"content":561,"nodeType":279},{},[562],{"data":563,"marks":564,"value":565,"nodeType":248},{},[],"This shared responsibility model is nothing new, really. It’s a concept that was pioneered by Slack, Netflix, and Duo Security before us. The way we’re applying it to securing employee SaaS use, however, is pretty novel. To us, a user-centric approach doesn’t simply mean building in ChatOps in Slack and Teams - it’s building in a variety of ways to notify and interact with the user when the time is right for them to take action. ",{"data":567,"content":571,"nodeType":329},{"target":568},{"sys":569},{"id":570,"type":267,"linkType":268},"5wZDwVTGbh5f4qliO2ft3E",[],{"data":573,"content":574,"nodeType":279},{},[575],{"data":576,"marks":577,"value":578,"nodeType":248},{},[],"Our approach involves the user from beginning to end:",{"data":580,"content":581,"nodeType":621},{},[582,601,611],{"data":583,"content":584,"nodeType":428},{},[585],{"data":586,"content":587,"nodeType":279},{},[588,592,597],{"data":589,"marks":590,"value":591,"nodeType":248},{},[],"We provide real-time guidance to help prevent problems ",{"data":593,"marks":594,"value":596,"nodeType":248},{},[595],{"type":395},"before they happen",{"data":598,"marks":599,"value":600,"nodeType":248},{},[]," (in the browser),",{"data":602,"content":603,"nodeType":428},{},[604],{"data":605,"content":606,"nodeType":279},{},[607],{"data":608,"marks":609,"value":610,"nodeType":248},{},[],"We nudge employees to self-remediate issues that have already happened, and",{"data":612,"content":613,"nodeType":428},{},[614],{"data":615,"content":616,"nodeType":279},{},[617],{"data":618,"marks":619,"value":620,"nodeType":248},{},[],"We provide an overview for each employee, so the security team can see each employee’s security state for their SaaS use.","unordered-list",{"data":623,"content":624,"nodeType":294},{},[625],{"data":626,"marks":627,"value":628,"nodeType":248},{},[],"Real-time guidance",{"data":630,"content":631,"nodeType":279},{},[632],{"data":633,"marks":634,"value":635,"nodeType":248},{},[],"Our just-in-time notifications act like password-checkers in the browser, but they’re more robust in that security teams can fully customize which words and phrases employees can’t use in their passwords as they’re creating new accounts; it might be company name, location, common words, street address, and so on). This helps prevent employees from creating weak passwords like those that were leaked in a password dump after a breach. Here’s how we’re doing that in the browser:",{"data":637,"content":641,"nodeType":329},{"target":638},{"sys":639},{"id":640,"type":267,"linkType":268},"59eQuuZH8RICARjwXAJrWw",[],{"data":643,"content":644,"nodeType":279},{},[645],{"data":646,"marks":647,"value":648,"nodeType":248},{},[],"These simple measures help employees pick stronger passwords from the start, cutting down on the need for any nudges on ChatOps or any notifications to security. Why fix issues when you can prevent them from ever happening?",{"data":650,"content":651,"nodeType":294},{},[652],{"data":653,"marks":654,"value":655,"nodeType":248},{},[],"Notifications",{"data":657,"content":658,"nodeType":279},{},[659],{"data":660,"marks":661,"value":662,"nodeType":248},{},[],"We use notifications in ChatOps (Slack or Teams) when employees can fix security issues with one click without the need for security to talk to them directly. An example of this is using a chat to check if an employee is still using a dormant or inactive app. If they’re not using it, they can automatically eliminate it from the company’s attack surface by clicking the “I’m not using it, you can remove” button. ",{"data":664,"content":668,"nodeType":329},{"target":665},{"sys":666},{"id":667,"type":267,"linkType":268},"6deX1SbkDVkXGT7FthM9pd",[],{"data":670,"content":671,"nodeType":294},{},[672],{"data":673,"marks":674,"value":675,"nodeType":248},{},[],"Employee SaaS security overview",{"data":677,"content":678,"nodeType":279},{},[679],{"data":680,"marks":681,"value":682,"nodeType":248},{},[],"The final component of user-centric security is to provide a personal view of an employee’s overall security state. Security teams can see each employee’s SaaS security state for a quick view of where they need to fix security issues and where they’re in the clear. This user security dashboard is really handy for visibility over particularly high-risk employees (usually those who use a lot of different SaaS apps and those who work with highly sensitive data - like legal teams, executives, HR, finance, etc.). ",{"data":684,"content":685,"nodeType":279},{},[686],{"data":687,"marks":688,"value":689,"nodeType":248},{},[],"By displaying this information in a single, clean, easy to read panel, both employees and security teams can work together to take actions to fix issues quickly and easily.",{"data":691,"content":695,"nodeType":329},{"target":692},{"sys":693},{"id":694,"type":267,"linkType":268},"7IZDuJ7c2takbu4OaKLsKB",[],{"data":697,"content":698,"nodeType":473},{},[699],{"data":700,"marks":701,"value":702,"nodeType":248},{},[],"How to apply a user-centric approach in your organization",{"data":704,"content":705,"nodeType":279},{},[706],{"data":707,"marks":708,"value":709,"nodeType":248},{},[],"\nWe’ve found that many companies believe in a user-centric approach to security in theory, but what that looks like in practice is less clear. That’s partly because there’s confusion around how to apply a concept that feels like a design principle to your organization’s security strategy. Most people we talk to like the idea of equipping employees to help secure the apps they’re using, but how to make that work in their environment is a bit scary, since it directly impacts every person in the company. ",{"data":711,"content":712,"nodeType":279},{},[713],{"data":714,"marks":715,"value":716,"nodeType":248},{},[],"Part of the problem is that “user-centric” has become a bit of a buzzword in marketing, with a lot of the vendors saying they’re user-centric when that really means they’ve just built a Slack or Teams integration that can message employees. Turning that feature on without thinking about how it’ll impact all of the employees in the business is a recipe for disaster. ",{"data":718,"content":719,"nodeType":279},{},[720],{"data":721,"marks":722,"value":723,"nodeType":248},{},[],"After speaking with customers and prospects since launch, we’ve discovered how important it is that we clearly explain how employees are going to be contacted and with what information. To adopt a user-centric approach that actually leads to measurable improvements in security, you need a tool that reaches out to employees with the right messaging at the right time and in the right place, whether that’s via ChatOps or in the browser, where they’re working.",{"data":725,"content":726,"nodeType":473},{},[727,731,736],{"data":728,"marks":729,"value":730,"nodeType":248},{},[],"Equipping employees is ",{"data":732,"marks":733,"value":735,"nodeType":248},{},[734],{"type":395},"part",{"data":737,"marks":738,"value":739,"nodeType":248},{},[]," of the solution, not the whole solution ",{"data":741,"content":742,"nodeType":279},{},[743,747,752],{"data":744,"marks":745,"value":746,"nodeType":248},{},[],"User-centric approaches are a tool in the security team’s toolbox, a practical way to bring employees into the process - not a way to outsource the technical security burden to people with no security expertise. You don’t get to outsource security to employees and employees should ",{"data":748,"marks":749,"value":751,"nodeType":248},{},[750],{"type":395},"never ",{"data":753,"marks":754,"value":755,"nodeType":248},{},[],"be making technical security decisions on the company’s behalf. Employees provide context on how they’re using apps so that the security team can make risk-based decisions on which apps employees can use. ",{"data":757,"content":758,"nodeType":279},{},[759,763,772,776,785],{"data":760,"marks":761,"value":762,"nodeType":248},{},[],"By adopting a user-centric approach alongside centralized visibility and controls, most security teams have found a way to secure employee SaaS accounts and SaaS use at scale. We’re excited to work with our customers and investors to solve new problems in this emerging space. Follow us on ",{"data":764,"content":766,"nodeType":257},{"uri":765},"https://twitter.com/PushSecurity",[767],{"data":768,"marks":769,"value":771,"nodeType":248},{},[770],{"type":310},"Twitter",{"data":773,"marks":774,"value":775,"nodeType":248},{},[]," and ",{"data":777,"content":779,"nodeType":257},{"uri":778},"https://www.linkedin.com/company/push-security/",[780],{"data":781,"marks":782,"value":784,"nodeType":248},{},[783],{"type":310},"LinkedIn",{"data":786,"marks":787,"value":788,"nodeType":248},{},[]," and sign up to our mailing list to come along for the ride!","document",{"entries":791},{"inline":792,"hyperlink":793,"block":799},[],[794],{"sys":795,"__typename":796,"title":797,"slug":798},{"id":266},"BlogPosts","Push Security Announces $4M Seed Round to Introduce User-Centric Approach to Securing SaaS ","push-security-announces-4m-seed-round-to-introduce-user-centric-approach",[800,809,816,824,833,841,848],{"sys":801,"__typename":802,"title":803,"caption":804,"layoutMode":62,"file":805},{"id":327},"Image","Old software procurement process","Traditional software procurement process",{"url":806,"width":807,"height":808},"https://images.ctfassets.net/y1cdw1ablpvd/5WwGnHoSxS9HFJMNYNrn4V/16c03fe426dce8a4d131a6185dcc9dc7/image__33_.png",1412,502,{"sys":810,"__typename":802,"title":811,"caption":812,"layoutMode":62,"file":813},{"id":334},"New way of procuring software due to PLG","The new way of procuring software due to PLG",{"url":814,"width":807,"height":815},"https://images.ctfassets.net/y1cdw1ablpvd/1bwMESg7gXQ5XsSYJax69u/664c3d2a124535c98c68e6d20432ce02/image__32_.png",634,{"sys":817,"__typename":802,"title":818,"caption":819,"layoutMode":62,"file":820},{"id":529},"Channel message high risk","Channel messaging flags new apps that request excessive access and permissions",{"url":821,"width":822,"height":823},"https://images.ctfassets.net/y1cdw1ablpvd/16GOmyxENsdDIXYSEuXLvs/fa2cae84b345ca3bed2b11c55250516a/image5.png",1410,488,{"sys":825,"__typename":802,"title":826,"caption":827,"layoutMode":828,"file":829},{"id":570},"User centric pyramid","This combination of user-centric features drives a shared-responsibility model for securing SaaS at scale","Centre aligned",{"url":830,"width":831,"height":832},"https://images.ctfassets.net/y1cdw1ablpvd/4tVqPb2j9CakuDQJOdrV05/8982dc92b9a91281fcfc84437f949798/image2.png",769,543,{"sys":834,"__typename":802,"title":835,"caption":836,"layoutMode":62,"file":837},{"id":640},"Just-in-time password security notifications","Just-in-time password security notifications help prevent weak passwords at the initial sign-up point",{"url":838,"width":839,"height":840},"https://images.ctfassets.net/y1cdw1ablpvd/7inJ8mDRdC8m3uLPPrzke1/8886ca4dd9a7ab57d30a5defd33ed8de/image7.png",1003,750,{"sys":842,"__typename":802,"title":843,"caption":844,"layoutMode":62,"file":845},{"id":667},"Inactive app ChatOps message ","A ChatOps message to an employee about an unused app that could be removed to reduce the SaaS attack surface",{"url":846,"width":822,"height":847},"https://images.ctfassets.net/y1cdw1ablpvd/6l8kHejUI8T4KYkuHgKdYJ/4ad0373d188047edef245e2b1c1e00d1/image8.png",516,{"sys":849,"__typename":802,"title":675,"caption":850,"layoutMode":62,"file":851},{"id":694},"Employee SaaS security overview in the Push platform",{"url":852,"width":853,"height":854},"https://images.ctfassets.net/y1cdw1ablpvd/5N2IRTdh1hmG6a9D6b5fGM/4afae228bd32772e8497f00d47a6b049/image1.png",800,944,"json",{"items":857},[],{},"Push Security series A announcement ","2023-03-28T00:00:00.000Z",{"items":862},[863,1089],{"__typename":796,"sys":864,"content":865,"title":797,"synopsis":1075,"hashTags":62,"publishedDate":1076,"slug":798,"tagsCollection":1077,"authorsCollection":1083},{"id":266},{"json":866},{"data":867,"content":868,"nodeType":789},{},[869,902,909,916,923,930,937,944,964,972,979,1009,1017,1035,1043,1050,1068],{"data":870,"content":871,"nodeType":279},{},[872,876,885,889,898],{"data":873,"marks":874,"value":875,"nodeType":248},{},[],"Push Security, a provider of technology enabling secure SaaS adoption and usage, today announced it completed a $4 million seed round led by ",{"data":877,"content":879,"nodeType":257},{"uri":878},"http://decibel.vc/",[880],{"data":881,"marks":882,"value":884,"nodeType":248},{},[883],{"type":310},"Decibel",{"data":886,"marks":887,"value":888,"nodeType":248},{},[]," and backed by ",{"data":890,"content":892,"nodeType":257},{"uri":891},"/about/",[893],{"data":894,"marks":895,"value":897,"nodeType":248},{},[896],{"type":310},"prominent industry leaders",{"data":899,"marks":900,"value":901,"nodeType":248},{},[],", including Jon Oberheide, co-founder of Duo Security, and Haroon Meer, CEO and founder of Thinkst. With this funding, Push will continue to develop technology that guides employees to make smart decisions while they are using company SaaS platforms, enlisting their help to improve security.",{"data":903,"content":904,"nodeType":279},{},[905],{"data":906,"marks":907,"value":908,"nodeType":248},{},[],"In a cloud-first world, employees are moving fast and adopting SaaS platforms to get things done. Most organizations have hundreds of SaaS apps in use in their environment and the majority of those apps are owned by employees rather than IT or security. SaaS makes productivity gains and technical innovation accessible for companies of all sizes, but it also introduces risk to the business unless it’s properly managed. Without a way to ensure employees are using SaaS securely, many organizations resort to try to control SaaS with highly restrictive policies, which is frustrating for both employees and security teams.",{"data":910,"content":911,"nodeType":279},{},[912],{"data":913,"marks":914,"value":915,"nodeType":248},{},[],"Push believes that the best way to support this move toward productivity and flexibility is to adopt a user-centric approach — to equip employees to improve their own security while using SaaS. ",{"data":917,"content":918,"nodeType":279},{},[919],{"data":920,"marks":921,"value":922,"nodeType":248},{},[],"“The world of work is shifting in a big way,” said Adam Bateman, Push co-founder and CEO. “Employees want flexibility and they need the right tools to be productive, but those tools aren’t always company-approved. So, they’re signing up for those tools on their own. Security teams want to assert some control over this because SaaS apps introduce risk to their company, so they often try to simply lock down SaaS. However, in the long run this just encourages employees to work around the security team. You can’t secure SaaS that’s owned by employees without working with employees. We’ve built a lightweight, scalable way to let employees use SaaS responsibly, guiding them to actually fix security issues, while offloading work from security teams. We’ll prove along the way that employees don’t need to just be seen as part of the problem, but can actually become part of the solution.”",{"data":924,"content":925,"nodeType":279},{},[926],{"data":927,"marks":928,"value":929,"nodeType":248},{},[],"“The future of cyber resilience in a SaaS-first world needs cloud-scale solutions designed for the user,” added Ollie Whitehouse, angel investor and CTO at NCC Group. “Push has delivered a solution that has unlimited potential to provide value to all organizations in such a world.” ",{"data":931,"content":932,"nodeType":279},{},[933],{"data":934,"marks":935,"value":936,"nodeType":248},{},[],"Jon Sakoda, Push investor and founder of Decibel, invested in Push’s vision for the future and scalable approach to a really difficult problem. “The Push team has set out to help organizations of every size safely adopt SaaS,” said Jon. “The co-founders have deep security experience as researchers and red teamers, and they’re applying that knowledge to an exponentially growing problem that no one else has been able to solve. I can’t wait to see what the Push team will do to apply user-centric security to finally help organizations progress beyond traditional security solutions that have not been able to keep up with the pace of modern IT.”",{"data":938,"content":939,"nodeType":279},{},[940],{"data":941,"marks":942,"value":943,"nodeType":248},{},[],"“Push is connecting the dots between users and their SaaS applications, allowing them to use the apps they love while keeping their organization secure,” added Jon Oberheide, angel investor, co-founder and former CTO of Duo Security (acquired by Cisco). ",{"data":945,"content":946,"nodeType":279},{},[947,951,960],{"data":948,"marks":949,"value":950,"nodeType":248},{},[],"Push is free to try and free to use for up to 10 users. Visit ",{"data":952,"content":954,"nodeType":257},{"uri":953},"https://pushsecurity.com/",[955],{"data":956,"marks":957,"value":959,"nodeType":248},{},[958],{"type":310},"pushsecurity.com",{"data":961,"marks":962,"value":963,"nodeType":248},{},[]," to sign up and start your trial.  ",{"data":965,"content":966,"nodeType":279},{},[967],{"data":968,"marks":969,"value":971,"nodeType":248},{},[970],{"type":347},"About Push Security",{"data":973,"content":974,"nodeType":279},{},[975],{"data":976,"marks":977,"value":978,"nodeType":248},{},[],"Push provides a super scalable way to secure SaaS, by equipping employees to join the fight against attackers and improve their own security. We monitor employee SaaS activity and then (using tools such as ChatOps and a browser extension) provide them with just-in-time guidance to help them make good security decisions about how they use and access SaaS.",{"data":980,"content":981,"nodeType":279},{},[982,986,993,997,1005],{"data":983,"marks":984,"value":985,"nodeType":248},{},[],"Push is backed by Decibel Partners. See Push in action at ",{"data":987,"content":988,"nodeType":257},{"uri":953},[989],{"data":990,"marks":991,"value":959,"nodeType":248},{},[992],{"type":310},{"data":994,"marks":995,"value":996,"nodeType":248},{},[]," and follow them on at ",{"data":998,"content":999,"nodeType":257},{"uri":765},[1000],{"data":1001,"marks":1002,"value":1004,"nodeType":248},{},[1003],{"type":310},"@PushSecurity",{"data":1006,"marks":1007,"value":1008,"nodeType":248},{},[],". ",{"data":1010,"content":1011,"nodeType":279},{},[1012],{"data":1013,"marks":1014,"value":1016,"nodeType":248},{},[1015],{"type":347},"About Decibel",{"data":1018,"content":1019,"nodeType":279},{},[1020,1023,1031],{"data":1021,"marks":1022,"value":29,"nodeType":248},{},[],{"data":1024,"content":1026,"nodeType":257},{"uri":1025},"http://decibel.vc",[1027],{"data":1028,"marks":1029,"value":884,"nodeType":248},{},[1030],{"type":310},{"data":1032,"marks":1033,"value":1034,"nodeType":248},{},[]," is an independent venture firm, based in Silicon Valley that backs technical founders and helps them find product-market fit and accelerate their business. Decibel invests in early-stage enterprise software companies, with a special focus on Cybersecurity, Developer Platforms, Open Source, and ML and AI Infrastructure and Applications.",{"data":1036,"content":1037,"nodeType":279},{},[1038],{"data":1039,"marks":1040,"value":1042,"nodeType":248},{},[1041],{"type":347},"Contact:",{"data":1044,"content":1045,"nodeType":279},{},[1046],{"data":1047,"marks":1048,"value":1049,"nodeType":248},{},[],"Sally Soulliere, Push Security ",{"data":1051,"content":1052,"nodeType":279},{},[1053,1056,1065],{"data":1054,"marks":1055,"value":29,"nodeType":248},{},[],{"data":1057,"content":1059,"nodeType":257},{"uri":1058},"mailto:sally.soulliere@pushsecurity.com",[1060],{"data":1061,"marks":1062,"value":1064,"nodeType":248},{},[1063],{"type":310},"sally.soulliere@pushsecurity.com",{"data":1066,"marks":1067,"value":29,"nodeType":248},{},[],{"data":1069,"content":1070,"nodeType":279},{},[1071],{"data":1072,"marks":1073,"value":1074,"nodeType":248},{},[],"\n","Launches solution that finds SaaS apps employees are using and guides them to fix issues","2022-07-19T00:00:00.000Z",{"items":1078},[1079],{"sys":1080,"name":1082},{"id":1081},"4EtskIWlj3SOH3UHbFR8uG","Company news",{"items":1084},[1085],{"fullName":1086,"firstName":1086,"jobTitle":62,"profilePicture":1087},"The Push Team",{"url":1088},"https://images.ctfassets.net/y1cdw1ablpvd/7xpR9kiHAQWtZBj2rpOmmU/052ddfbb96afb37962278062047ab16d/Twitter_Linkedin_icon_white.png",{"__typename":796,"sys":1090,"content":1092,"title":1438,"synopsis":1439,"hashTags":62,"publishedDate":1076,"slug":1440,"tagsCollection":1441,"authorsCollection":1445},{"id":1091},"4ZNEAZLwXE9Pz3lx1mhEZN",{"json":1093},{"data":1094,"content":1095,"nodeType":789},{},[1096,1103,1120,1127,1134,1141,1149,1156,1164,1196,1203,1210,1217,1224,1231,1238,1245,1252,1259,1266,1273,1280,1296,1303,1310,1317,1324,1331,1338,1345,1352,1359,1366,1372,1379,1406,1413,1420],{"data":1097,"content":1098,"nodeType":473},{},[1099],{"data":1100,"marks":1101,"value":1102,"nodeType":248},{},[],"Blocking SaaS isn’t working ",{"data":1104,"content":1105,"nodeType":279},{},[1106,1111,1115],{"data":1107,"marks":1108,"value":1110,"nodeType":248},{},[1109],{"type":395},"tl;dr",{"data":1112,"marks":1113,"value":1114,"nodeType":248},{},[],": ",{"data":1116,"marks":1117,"value":1119,"nodeType":248},{},[1118],{"type":395},"The traditional way of just blocking apps that haven’t been vetted or approved by the security team isn’t working now and absolutely won’t scale as businesses now value flexibility as much as productivity and security. You don’t have to choose one anymore. Empower your employees to be productive and move fast, securely, and partner with them to secure SaaS.",{"data":1121,"content":1122,"nodeType":279},{},[1123],{"data":1124,"marks":1125,"value":1126,"nodeType":248},{},[],"It’s common for organizations to have hundreds of SaaS apps in use at all times and we expect that number to continue to rise. Most companies accept SaaS use because it helps employees be productive and get their work done, but each SaaS app does introduce risk to the company because they require access to business data, employees input data into each app, and the app becomes a part of your larger corporate attack surface. ",{"data":1128,"content":1129,"nodeType":279},{},[1130],{"data":1131,"marks":1132,"value":1133,"nodeType":248},{},[],"Simply blocking SaaS use hasn’t worked to date and, as more and more apps are built, with more and more functionality employees need, blocking and restricting just can’t scale and will widen the divide between security and employees.",{"data":1135,"content":1136,"nodeType":279},{},[1137],{"data":1138,"marks":1139,"value":1140,"nodeType":248},{},[],"But to secure SaaS, security teams need visibility. There are some newer tools on the market built specifically to discover cloud and SaaS adoption (SaaS discovery and shadow IT discovery tools), but they tend to be focused exclusively on knowing what employees are using so that security and IT can enforce rules and controls on that SaaS use in order to keep company data out of the hands of the bad guys. ",{"data":1142,"content":1143,"nodeType":279},{},[1144],{"data":1145,"marks":1146,"value":1148,"nodeType":248},{},[1147],{"type":347},"Instead of focusing on using that SaaS visibility to create and enforce new policies to restrict SaaS use, what if we could leverage SaaS visibility to help employees actually adopt and use SaaS how they want to? ",{"data":1150,"content":1151,"nodeType":279},{},[1152],{"data":1153,"marks":1154,"value":1155,"nodeType":248},{},[],"We’re trying a different approach that puts more trust in employees’ desire and ability to keep themselves secure. ",{"data":1157,"content":1158,"nodeType":473},{},[1159],{"data":1160,"marks":1161,"value":1163,"nodeType":248},{},[1162],{"type":347},"Introducing a user-centric approach to securing SaaS ",{"data":1165,"content":1166,"nodeType":279},{},[1167,1171,1179,1183,1192],{"data":1168,"marks":1169,"value":1170,"nodeType":248},{},[],"\nThe user-centric movement has been successfully adopted by industry leaders like ",{"data":1172,"content":1174,"nodeType":257},{"uri":1173},"https://slack.engineering/distributed-security-alerting/",[1175],{"data":1176,"marks":1177,"value":1178,"nodeType":248},{},[],"Slack",{"data":1180,"marks":1181,"value":1182,"nodeType":248},{},[],", ",{"data":1184,"content":1186,"nodeType":257},{"uri":1185},"https://netflixtechblog.com/introducing-netflix-stethoscope-5f3c392368e3",[1187],{"data":1188,"marks":1189,"value":1191,"nodeType":248},{},[1190],{"type":310},"Netflix",{"data":1193,"marks":1194,"value":1195,"nodeType":248},{},[],", Github, Duo Security. For endpoint security, those user-centric approaches were spot on. They engaged employees to make decisions about their devices that would inform security teams about employee devices. We even developed our own user-centric solution for endpoint devices when working together at MWR (acquired by F-Secure). ",{"data":1197,"content":1198,"nodeType":279},{},[1199],{"data":1200,"marks":1201,"value":1202,"nodeType":248},{},[],"When it comes to securing SaaS, working directly with users (employees) is not just a huge value add, it's essential. That's because the SaaS apps employees are using are giant unknowns - they’re not known entities or endpoints like employee devices - so you can't find out about or address security issues in SaaS apps without working with employees who are using those apps.",{"data":1204,"content":1205,"nodeType":473},{},[1206],{"data":1207,"marks":1208,"value":1209,"nodeType":248},{},[],"SaaS is owned by users, so needs to be secured by users",{"data":1211,"content":1212,"nodeType":279},{},[1213],{"data":1214,"marks":1215,"value":1216,"nodeType":248},{},[],"Scared yet? We get it, and we don’t expect you to relinquish all control of security and hand it off to employees. But stick with us for a second… There’s a stat making the rounds that suggests that more than two-thirds of SaaS is owned by employees. They’re self-adopting SaaS, integrating it with your business data, and using those tools to work faster, smarter, and generally be more productive. So, while it may not make sense to give up and just let employees continue doing what they’re doing with zero oversight, there’s a scalable way to meet in the middle. ",{"data":1218,"content":1219,"nodeType":279},{},[1220],{"data":1221,"marks":1222,"value":1223,"nodeType":248},{},[],"We decided to focus on improving the security of SaaS use by equipping employees to help. If this approach lets employees freely adopt and use SaaS, then it’s a win for both employees and security teams.",{"data":1225,"content":1226,"nodeType":279},{},[1227],{"data":1228,"marks":1229,"value":1230,"nodeType":248},{},[],"Could user-centric security concepts be used to secure SaaS and cloud application usage - not just securing access to SaaS, but restricting excessive app permissions, removing unused cloud apps and shadow IT, and so on?  ",{"data":1232,"content":1233,"nodeType":279},{},[1234],{"data":1235,"marks":1236,"value":1237,"nodeType":248},{},[],"SaaS is user-powered. They’re adopting it and using it on their own already. Trying to secure SaaS by either completely restricting its use or only allowing employees access to a handful of corporate-sanctioned apps won’t scale. It would be naive to ignore the fact that SaaS introduces risk. Each app requests access to business data, employees have to integrate the apps into your systems and they’ll be inputting business data into the app. Which means that each app becomes a part of the attack surface security teams must protect.",{"data":1239,"content":1240,"nodeType":279},{},[1241],{"data":1242,"marks":1243,"value":1244,"nodeType":248},{},[],"The old way of dealing with this was just to block SaaS as soon as the security team discovers an app in use, or requiring administrator approval before integrating with other SaaS - keeping the security team in the role of the enforcer or blocker to employee SaaS use. Everyone hates that way - employees and security teams. But leaving SaaS adoption wide open is a security nightmare. So where do you start when it comes to securing SaaS use? With the owners of SaaS - the users.",{"data":1246,"content":1247,"nodeType":294},{},[1248],{"data":1249,"marks":1250,"value":1251,"nodeType":248},{},[],"You can’t secure SaaS without involving the user",{"data":1253,"content":1254,"nodeType":279},{},[1255],{"data":1256,"marks":1257,"value":1258,"nodeType":248},{},[],"To secure SaaS, you need to: ",{"data":1260,"content":1261,"nodeType":279},{},[1262],{"data":1263,"marks":1264,"value":1265,"nodeType":248},{},[],"1) know what SaaS employees are using and how they’re using them",{"data":1267,"content":1268,"nodeType":279},{},[1269],{"data":1270,"marks":1271,"value":1272,"nodeType":248},{},[],"2) know what data the app has access to and what it requires",{"data":1274,"content":1275,"nodeType":279},{},[1276],{"data":1277,"marks":1278,"value":1279,"nodeType":248},{},[],"3) find out if security controls are missing and then chase employees to enable them improve",{"data":1281,"content":1282,"nodeType":279},{},[1283,1287,1292],{"data":1284,"marks":1285,"value":1286,"nodeType":248},{},[],"The most logical way to get this information is to talk to your employees directly, but that can’t scale. Let’s say you have 200 employees and each is using a dozen SaaS apps in their role. Are you going to go to each employee (through Slack or Teams, over the phone, via email?) and ask what they’re using, how they’re accessing it, what they’re using it for, if they’re still using it, who the admin is, and so on? Even if you ",{"data":1288,"marks":1289,"value":1291,"nodeType":248},{},[1290],{"type":395},"could",{"data":1293,"marks":1294,"value":1295,"nodeType":248},{},[]," do that, would they even remember all the SaaS apps they’ve started trials with or what they’re using for free? What else would fall under your radar?",{"data":1297,"content":1298,"nodeType":279},{},[1299],{"data":1300,"marks":1301,"value":1302,"nodeType":248},{},[],"To satisfy the three SaaS security requirements we listed above, we’ve decided to focus our initial product efforts on SaaS discovery and getting business context from SaaS users (your employees) to ensure they’re using SaaS securely.",{"data":1304,"content":1305,"nodeType":279},{},[1306],{"data":1307,"marks":1308,"value":1309,"nodeType":248},{},[],"But knowing is just the start - what’s the point of getting visibility if you’re not using it to fix security issues or remove high-risk or dodgy apps?",{"data":1311,"content":1312,"nodeType":473},{},[1313],{"data":1314,"marks":1315,"value":1316,"nodeType":248},{},[],"Guide employees to fix security issues and use SaaS securely ",{"data":1318,"content":1319,"nodeType":279},{},[1320],{"data":1321,"marks":1322,"value":1323,"nodeType":248},{},[],"That’s where the user-centric approach to securing SaaS comes in. We believe employees want to do the right thing and don’t want to be the one responsible for a breach. As long as we make it as easy and quick as possible for them to help and to take action, they will. ",{"data":1325,"content":1326,"nodeType":279},{},[1327],{"data":1328,"marks":1329,"value":1330,"nodeType":248},{},[],"To make this work at scale, we use ChatOps to engage directly with the employee, and a browser extension to prompt users and help them fix SaaS security issues. By helping them self-remediate issues, we offload the more mindless security hygiene work from security and IT, while enabling employees to use the SaaS tools they want.",{"data":1332,"content":1333,"nodeType":279},{},[1334],{"data":1335,"marks":1336,"value":1337,"nodeType":248},{},[],"We can also use this technology to get relevant business context about how they’re using each app and if they’re even still using it. If they say they aren’t using it anymore, we can help them remove it from your attack surface. ",{"data":1339,"content":1340,"nodeType":294},{},[1341],{"data":1342,"marks":1343,"value":1344,"nodeType":248},{},[],"But I can’t trust employees to own security!",{"data":1346,"content":1347,"nodeType":279},{},[1348],{"data":1349,"marks":1350,"value":1351,"nodeType":248},{},[],"There’s an old trope in the security world that users are the weakest link. So, how can we expect “the weakest link” in a company to actually secure the company? We’d like to challenge that old adage and suggest that employees shouldn’t be expected to become security experts in order to secure a business. That’s not their job. ",{"data":1353,"content":1354,"nodeType":279},{},[1355],{"data":1356,"marks":1357,"value":1358,"nodeType":248},{},[],"What employees can do really well is provide context for the security team and to self-remediate the more mundane security issues by using stronger passwords, enabling MFA for SaaS apps, and so on. ",{"data":1360,"content":1361,"nodeType":279},{},[1362],{"data":1363,"marks":1364,"value":1365,"nodeType":248},{},[],"We believe the key to making the user-centric approach work is to give users clear, easy to follow instructions and asking them questions they can answer without Googling for more information. We ask questions to get useful context and then enrich SaaS usage data for admins so they can make decisions about what SaaS is appropriate for their business.",{"data":1367,"content":1371,"nodeType":329},{"target":1368},{"sys":1369},{"id":1370,"type":267,"linkType":268},"7eWh1U86EEbSFeJdXIPUZl",[],{"data":1373,"content":1374,"nodeType":473},{},[1375],{"data":1376,"marks":1377,"value":1378,"nodeType":248},{},[],"Making user-centric security work in the real world ",{"data":1380,"content":1381,"nodeType":279},{},[1382,1386,1391,1397,1402],{"data":1383,"marks":1384,"value":1385,"nodeType":248},{},[],"Getting user-centric security to work well requires a near-perfect user experience - it must be quick and easy or they won’t engage with it. We need to understand employees, speak their language, empathize with them, respect their busy schedules, and help them when they’re ready to work with us. One truth remains: ",{"data":1387,"marks":1388,"value":1390,"nodeType":248},{},[1389],{"type":347},"If employees aren’t responding to prompts, assume ",{"data":1392,"marks":1393,"value":1396,"nodeType":248},{},[1394,1395],{"type":347},{"type":395},"we’re ",{"data":1398,"marks":1399,"value":1401,"nodeType":248},{},[1400],{"type":347},"the problem",{"data":1403,"marks":1404,"value":1405,"nodeType":248},{},[],". We’ll be optimizing continuously based on employee engagement rate. ",{"data":1407,"content":1408,"nodeType":473},{},[1409],{"data":1410,"marks":1411,"value":1412,"nodeType":248},{},[],"Users aren’t the problem, they’re part of the solution",{"data":1414,"content":1415,"nodeType":279},{},[1416],{"data":1417,"marks":1418,"value":1419,"nodeType":248},{},[],"Engaging users to self-remediate SaaS security issues just makes sense and it's by far the most scalable way to secure SaaS. Securing SaaS while balancing the needs of employees and security teams requires that we work together and share the responsibilities. To do this, we need to stop insisting that users are the problem and remember that attackers are the bad guys, not employees.",{"data":1421,"content":1422,"nodeType":279},{},[1423,1427,1434],{"data":1424,"marks":1425,"value":1426,"nodeType":248},{},[],"Follow us on ",{"data":1428,"content":1429,"nodeType":257},{"uri":765},[1430],{"data":1431,"marks":1432,"value":1433,"nodeType":248},{},[],"social media",{"data":1435,"marks":1436,"value":1437,"nodeType":248},{},[]," and subscribe to our blog if you’re interested in hearing about what we’re learning from users along the way. We’d also love your feedback so we can keep improving!","Building a culture of trust to secure SaaS, together","We’re excited to announce our $4M seed round, led by Decibel. See how we’re building tech that allows companies to let employees freely & securely adopt SaaS.","building-a-culture-of-trust-to-secure-saas-together",{"items":1442},[1443],{"sys":1444,"name":1082},{"id":1081},{"items":1446},[1447],{"fullName":1086,"firstName":1086,"jobTitle":62,"profilePicture":1448},{"url":1088},"from-launch-to-series-a","blog/from-launch-to-series-a",{"json":1452},{"data":1453,"content":1454,"nodeType":789},{},[1455],{"data":1456,"content":1457,"nodeType":279},{},[1458],{"data":1459,"marks":1460,"value":1461,"nodeType":248},{},[],"We’re proud to share that we’ve locked in our $15M Series A round, led by GV. Here's what we've learned.\n","We’re proud to announce our $15M Series A round, led by GV. Here's what we've learned about what our customers need since we launched in July 2022. ",{"id":1464,"publishedAt":1465},"1t9lzEIIB2PNrN1pyG3RRy","2024-09-12T08:44:12.794Z",{"items":1467},[1468,1470],{"sys":1469,"name":1082},{"id":1081},{"sys":1471,"name":1473},{"id":1472},"3SA5H01UkKauuiTdt0KC6q","Shadow IT","lxOnwr4tvYtMWJYKldPUOaRAGGKC2Id04L7-zfzSg_8",1784196730336]