The Challenge

With clients in highly regulated sectors, Spencer Fane faced growing risks as data spread across private cloud and SaaS applications. The firm’s security team needed:

  • A complete view of the overall SaaS attack surface and application configurations
  • Better identity and access management to understand “who is doing what” across many apps
  • Streamlined processes to review policy baselines, guide app owners, and prioritize remediations
  • Centralized security oversight for a rapidly expanding and distributed application environment

Ownership of applications was distributed among business, IT, and partners, making it difficult to enforce consistent security controls. Manual processes required reviewing one application at a time and left gaps in visibility and control.

Read how Spencer Fane centralized SaaS security to meet client and regulatory requirements.

Our administrator was able to onboard the M365 application over lunch. ServiceNow took a couple of more hours to bring both the development and production environments under management. But we were up and running within a few hours.

— Wai Sheng Cheng, Information Security and Risk Manager, Spencer Fane

The Requirements 

Spencer Fane needed a SaaS security partner that could support:

Rapid, Low-overhead Deployment and Management

Easy onboarding, specifically M365 and ServiceNow up in hours with minimal admin effort

Fine-grained Security Insights and Centralized Visibility

Delivers detailed policy and configuration data across all SaaS platforms

Automated, Low-noise Policy Enforcement and Alerting

Prioritizes findings and enables targeted, actionable change management

Seamless Integration with SIEM and Other Systems

Exports normalized logs for analytics and compliance reporting

Scalable Support and Responsive Service

Provides U.S.-based support and timely technical assistance

The Results

With AppOmni, Spencer Fane’s security team:

  • Achieved centralized SaaS security visibility for M365, Salesforce, ServiceNow, and more
  • Prioritized changes and set up effective change management processes with application owners
  • Automated policy violation detection and remediation, reducing manual review from days to hours
  • Improved understanding of the company’s security posture by integrating logs with its  SIEM
  • Surfaced and managed SaaS-to-SaaS connections as part of ongoing governance and risk management

Why It Matters

Spencer Fane now ensures data security and compliance for its clients while supporting business growth and agility. AppOmni enables a shared commitment to security across teams, providing actionable insights, rapid remediation, and the foundation for firmwide risk management.

Spencer Fane is a leading U.S. law firm with over 900 employees and offices in 26 cities nationwide. The firm is recognized for workplace satisfaction, client service, diversity, and growth, and supports clients across financial services, healthcare, and defense. Information Security and Risk Manager Wai Sheng Cheng leads a dedicated security team to protect the firm’s sensitive data across a complex application portfolio.

Legal Services

900+

  • Configuration Management
  • SaaS Security Visibility
  • Identity and Access Management

Trusted by the World’s Leading Enterprises