Security Software Company Adds Some Security of Its Own
Customer: Ping Identity
Industry: Identity and Access Management (IAM) Challenge: Enhancing security for its internal Salesforce instance.
What AppOmni Delivered:
- Full visibility into internal and external user data access within Salesforce
- Proactive alerts when access settings are incorrect or violate policies
- A multi-stage strategy for validating Salesforce data access and security posture
If you are in the security software business, it’s vital that your own systems are safe and secure. Ping Identity—relied on by more than half of the Fortune 100, to prevent data breaches and increase partner and employee productivity— has experienced rapid growth. In 2019, the company’s IPO was approaching, accelerating the need to get ahead of any potential security risks from its own SaaS applications, specifically Salesforce.
“By partnering with AppOmni, we were able to gain the necessary insight into various users and their roles in our Salesforce instance to instill the level of security needed. AppOmni has also helped our SaaS and IT administrators collaborate and streamline our overall security process.”
Arthur Loris, Manager of Product Security, Ping Identity
The Ping Identity team considered several traditional cloud security offerings to meet their goal, but the solutions lacked detailed insights into the SaaS applications Ping required. The in-line nature of these solutions also meant extensive resources were needed to deploy them, accompanied by lengthy periods of downtime. More critically, the solutions Ping had been evaluating were purely reactive, only alerting the IT team when potential data loss or theft was in progress. The Ping team wanted proactive alerts to vulnerabilities before they escalated into a data loss incident.
The security experts at Ping were drawn to AppOmni’s preventive and holistic approach to securing SaaS. Because AppOmni runs parallel to the SaaS cloud through API integrations, AppOmni uses a non-blocking approach to monitor which users have access to what data. Ping’s IT team can receive alerts early enough to catch policy violations before they turn into breaches through an in-depth understanding of risky SaaS configurations.
After an implementation session with Ping’s security team, AppOmni performed a risk assessment that provided visibility into Ping Identity’s data security and posture. Within an hour, the AppOmni team delivered an in-depth analysis of Ping’s Salesforce instance—including the portal community—along with the recommended steps to further enhance the security of the SaaS environment.
The AppOmni team has an unparalleled level of expertise when it comes to security configuration settings in Salesforce and other SaaS applications. By leveraging the baseline configuration policies that AppOmni created, Ping Identity reached an automated and continuously monitored security state within months, transitioning from configuring policies to monitoring and remediation.
Closing The SaaS Security Gap
Ping Identity’s story shows that even leading security companies can face challenges when configuring security policies for complex SaaS applications like Salesforce. While SaaS providers offer a wide array of security features and controls that are application specific, they may not provide alerting and best-practice templates. By offering software that’s non-blocking and non-intrusive, AppOmni provides a seamless and proactive security solution that integrates with existing processes and technology—without requiring additional in-house expertise.
Last updated September 14, 2022.