SaaS brings new security and compliance challenges. Shadow-IT, exposing Personally Identifiable Information (PII), unexpected app access, and sharing the company IP with 3rd parties are all just some of the security and compliance concerns your organization should address.
Torii provides several built-in reports to help mitigate some of the risk that comes with SaaS, as well as dedicated privacy and security standard certifications information for each app discovered by Torii.
Security Reports
Torii comes out of the box with a couple of reports that can assist you:
-
Security page - This report provides an analysis of the risk inherent in apps discovered via Google Workspace (G-suite), Azure, and Slack. For each app, Torii provides a risk level as well as the permissions that app has access to. You can use this report to help determine whether an app is proving to be a large security risk, and take action (outside of Torii) to limit the available scopes this app has.
-
SSO audit - This report audits managed vs. unmanaged users in your SSO provider per app. You can use this report to understand how has access to which app, and whether access to the app went through the intended SSO channel or not.
- Browser Extension status - This report grants insight into which users are providing data via the browser extension, and via which browser. You can use this report to analyze whether the browser extention is being used to its fullest potential, and identify areas that need improvement. By improving coverage breadth and frequency, you will discover more apps and gain increased control of your SaaS stack.
- Inactive Users - This report allows you to view users who did not engage with their apps in the defined inactivity period. You can also see whether the user has been terminated or not, and whether they have a license for that app. You can use this report to identify past users who still have access and licenses to your organization's apps, and close these security gaps.
Privacy and security standard certifications
Privacy and security standard certifications such as SOC II, GDPR and ISO 27001 are crucial benchmarks that organizations strive to achieve to demonstrate their commitment to protecting sensitive information and maintaining robust security measures. Torii provides this information to help you discover and assess apps which could be determined as risky due to lack of compliance to these standards. Read more about it here.
Torii also provides a dedicated report with a breakdown of this information by app in the reports page.