“AppOmni definitely stuck out from hour one. Immersion into our needs—knowing what we want to do and SaaS solutions we wanted to cover—were great from day one. It’s been a complete success.”
Security Leader
Global Pharmaceuticals Company
About Global Pharmaceuticals Company
- A pharmaceutical manufacturer with over 20,000 employees
- $10 billion in revenue
- Produces life-saving drugs for patients around the world
Industry
Healthcare
Use Cases
- Posture Management
- SaaS-to-SaaS Cyber Risk
- Data Protection
- Data Security
The Challenge
A global pharmaceutical company struggled to secure its increasingly complex SaaS application ecosystem, which houses and processes highly sensitive data critical to medical breakthroughs and life-saving drugs. Attempting to manually decipher and manage SaaS security posture and controls interrupted the company’s plans to expand their IT portfolio and take advantage of emergent SaaS technologies.
The company security team could not, for example, manually learn and administer 300 new security controls in a recent Salesforce release. Not knowing which Salesforce security controls to turn on, turn off, or fine-tune could introduce security vulnerabilities, unintended data leaks, and other sizable cyber risks. SaaS providers typically prioritize performance over security, leaving the company’s security team skeptical of SaaS vendors’ picture-perfect posture reports.
As the company’s security leader pondered, “Will SaaS vendors tell me the truth? Yes, they will, but they will leave some truth out…. If I don’t trust them, then I cannot be surprised.” To reduce surprises, the company’s security team strives to employ a zero-trust mindset across its entire tech stack. But the lack of visibility into SaaS risks and threats left them uncomfortably reliant on vendors’ assurances.
To achieve zero-trust across existing and future SaaS systems, and gain visibility into user access roles and drift, the company needed a novel approach to SaaS security.
Must-Have Capabilities
As the company explored SaaS security solutions, SaaS Security Posture Management (SSPM) quickly emerged as the clear choice.
“We basically started to scan the market to see… what is out there. We started to dig deeper, and started to go to knowledgeable people that we knew in the industry. That’s how we came across AppOmni.”
Security Leader
Global Pharmaceuticals Company
AppOmni’s product maturity, roadmap, and flexible approach to onboarding customers impressed the company’s security team. “They definitely stuck out from basically hour one,” the security leader recalled. ”The immersion into our needs, and what it is we want to do, and which SaaS solutions we wanted to cover, were great from day one. And it’s been a complete success.”
After eliminating several prominent security vendors, including their incumbent providers of the SSE and CASB technologies, that failed to provide full visibility into SaaS systems or flexibility in the implementation, the pharmaceutical company engaged AppOmni in a POC.
Must-have features/capabilities for the global pharmaceutical company include:
- Greater control and visibility into SaaS security configurations and posture, and alerts for configuration drift
- Visibility into user access rights and behavior across SaaS applications
- Full coverage for Salesforce, Veeva Vault, and Microsoft 365
- Modern technology stack for securing SaaS, rather than a CASB solution with limited SaaS security capabilities beyond the network level
- Complete audit trails to maintain the company’s GxP and FDA compliance
- High degree of customizability and flexibility with implementation
“Functionality-wise, AppOmni was way beyond what everybody else could do,” the pharmaceutical leader shared. “From a technical point of view, there was no discussion.”
AppOmni’s Impact
Complete visibility into the entire SaaS estate, including user access and behavior
Ability to vet, configure, and maintain security for new SaaS systems
Easy administration and change management with an intuitive user interface
Maintained compliance with GxP and FDA regulations
SaaS Security After AppOmni
With AppOmni in place, the company’s security team no longer wonders about the implications of 300 new security controls when a SaaS vendor launches a new release. By simplifying SaaS security complexity, the pharmaceutical security team can now focus on critical security controls that significantly reduce cyber risk throughout their SaaS environment.
Alerts for new configurations or configuration drift — complete with actionable guidance that reflects the company’s IT and security policies — are delivered automatically to the right security team members. With complete visibility into configuration management, access rights, and user behavior, the pharmaceutical security team has achieved the zero-trust relationship with SaaS vendors it desired. Plus, comprehensive audit logs and a robust policy library maintain GxP and FDA compliance.
With the proper SaaS security framework in place, the company is confident in its ability to evaluate and secure additional SaaS vendors.
“The AppOmni platform itself has all the things we need, has all the integrations we need, from day one,” the company’s security leader summarized. “It’s an easy tool to work with. It’s responsive, and it’s just how it should be. We have great support, and my technical team is extremely happy with it.”
