BetterCloud centralizes SaaS management, automates workflows and compliance policies, and surfaces relevant insights across SaaS applications. Follow and get Industry news and research, the latest SaaS trends, tutorials, videos, shortcuts, and more for the IT industry and everyone else.
We are excited to be launching the SaaSOps Stars Awards program. Although we have given out awards at previous Altitude conferences, this year’s SaaSOps Stars Awards will span more use cases, covering more advances in IT and security. Year after year, we are impressed by the incredible things our customers are doing, and we want to recognize those customers for unlocking the power of SaaS Operations.
We are looking for innovative individuals and teams that have transformed their businesses, industry, or even their careers. If you are a first-mover or thought leader, you are a SaaSOps Star. If you impact your business’ bottom line, you are a SaaSOps Star. If you are working on solutions for business challenges that will revolutionize your team and organization, you are a SaaSOps Star.
Now, if you or your team are SaaSOps Stars, BetterCloud wants to shine the spotlight on your achievements with two types of SaaSOps Stars Awards:
Recognizing the SaaS Operations teams that have been pioneers/leaders of SaaS Ops. These teams move their business to the next level and disrupt their industry by identifying new technologies, applying new skills, and operationalizing processes.
Recognizing the individual who has been a pioneer/leader of SaaS Operations. SaaSOps Stars Heroes are instrumental in carrying innovation through their organizations. They introduce and develop initiatives that revolutionize their organization’s approach to SaaS Operations.
Nominations are open now until August 26th for the 2019 SaaSOps Stars Awards. Individuals and teams can nominate themselves or be nominated by a BetterCloud partner organization (BetterCloud partner submissions require client approval). We look forward to announcing the winners in San Francisco at Altitude 2019! Visit the SaaSOps Stars Awards page for more details and to submit your nomination.
Recognition at Altitude and in our post-event press release
Features in the BetterCloud Monitor blog, BetterIT Slack community, and BetterTalk bulletin
A SaaSOps Stars Award badge to share on social channels
Note: We recognize that some organizations will not allow acceptance of gifts or prizes, and thus neither will be provided where it violates applicable ethics rules. Winners will still receive recognition.
Altitude, BetterCloud’s annual IT conference, will be held September 23-25 in San Francisco this year. Thinking about attending? Let Ryan Donnon, the Director of IT at First Round Capital, persuade you that this is not your average IT conference.
Donnon discussed why he continues to attend Altitude, his favorite sessions from past conferences, and just how much he has gained from attending.
How many Altitude conferences have you attended?
I’ve been to both previous Altitude conferences as well as the virtual conference, Cloud IT Live 2016, which you held before you had a physical conference.
What drew you to your first Altitude, and what keeps you coming back?
Besides my love for BetterCloud, I thought it was a good opportunity to network and spend time with other people who are also cloud forward. There aren’t many conferences that are very focused on what I do and that bring together other like-minded professionals, so that’s what drew me to the first Altitude conference.
I keep coming back because you get the same core people every year. You get to know the people you’ve met at previous Altitudes, as well as the people from the BetterIT Slack community who you virtually talk to all the time. Altitude is your once-a-year chance to interact with those people. Besides the people, the content is always great and it’s awesome to see the roadmap laid out for you. Overall, it’s a really good two-day conference.
What was your favorite part of last year’s Altitude?
The BetterIT Live sessions! It’s unstructured time to discuss real-life topics and problems with the people at your table. It’s so useful to talk to your peers and figure out what other people are doing, what problems other people are having, and what their solutions are to problems that I’m facing. The fact that we get actual time blocked off at the conference for these kinds of conversations is super helpful.
Everything is changing so fast now that there’s always new tools, new products, new security threats. Things are growing exponentially. It’s hard to keep a pulse on everything.
For me, specifically, as a solo IT admin, I have no one on a day-to-day basis to throw ideas around with. I’m located in Philadelphia, so there’s also a much smaller community to have these conversations with. The types of interactions that the BetterIT Live sessions provide are rare for me to get in person, so those are the most valuable for me.
Each year at Altitude, BetterCloud releases new product features and outlines the product roadmap. What is it like to be part of those discussions?
It’s great because you see the vision laid out in front of you. Sometimes, features won’t be out for a year or two, but you can see where the product is headed and you know that everyone in the room is on that journey together. I appreciate that you get to look so far into the future; it gets you excited about what’s to come because you know it’ll make your life easier.
The roadmap even makes me look forward to renewing with BetterCloud, because the roadmap discussion shows you that things can be different than how they are now, and BetterCloud will help you achieve that.
Sometimes BetterCloud describes a solution on the roadmap to a problem that I didn’t even know was a problem. It’s actually happened a couple of times over the years; I learn about the problem and an upcoming solution to it all in one sitting.
Additionally, when BetterCloud announces new features on the roadmap, it’s exciting to realize that I’ll have a way to address issues that I wasn’t able to before. It’s great because you realize exactly how the feature is going to make life better.
What’s the most valuable thing you’ve learned at an Altitude conference?
There’s no one specific thing—it’s all the little things that are the most valuable. It’s learning what everyone in the community is doing, taking that, and then being able to iterate on your processes to make them a little more efficient or a little bit more secure. Additionally, it’s seeing different features that are being launched and thinking about how you’re going to implement those to improve your environment.
I learn all these things, then I go back and immediately make changes. It’s taking all the little things you’ve learned that make very small incremental changes to your daily life and processes that ultimately make a big difference.
If you were talking to someone who is considering attending Altitude, but they weren’t totally sure, what would you tell them?
I would say that if you are part of a SaaS-forward business, going to Altitude is the best place to talk to a community of like-minded thinkers who are going to help you directly with your day-to-day job. Everyone’s using SaaS to some degree, but that doesn’t mean that everyone is fully versed in SaaS. If you are that person, then this is THE community that you need to be in.
And BetterCloud throws a kick-ass party.
As you know, Altitude is a sponsor free, no pressure conference. What’s it like to attend a conference like this?
I think the fact that there are no sponsors is super awesome. It’s nice to not have time eaten up by sponsors—time that could otherwise be spent learning how to better use the product.
Attending a conference that is void of all that and, instead, is a complete learning and networking experience is completely game changing.
BetterCloud, the BetterIT Slack group, and the Altitude conference—those communities are the ones that you absolutely have to be part of if you’re working in IT and use SaaS applications.
This week, we’re back with Product Tip Tuesday to talk about Content Scanning for personally identifiable information (PII).
End users have the ability to create content with sensitive data (such as PII, PHI, etc.). But it’s difficult for IT admins to get visibility into where that data lives—or worse, if it’s being shared publicly or externally.
According to our recent State of Insider Threats in the Digital Workplace 2019 report, 75% of IT professionals believe that the biggest security threats lie in cloud storage, file sharing, and email. Without the proper context into their users and data, IT and security teams are unable to take the appropriate remediations when data is exposed. And this kind of exposure can be devastating for businesses. It can result in compliance violations, hefty fines, loss of customer trust, reputational damage, and more.
That’s where Content Scanning comes in. With BetterCloud’s Content Scanning, admins can get insight into what documents their end users are sharing and if they contain any sensitive PII. Admins are able to search through content in G Suite, Box, and Slack for mentions of social security numbers, passport numbers, credit card information, email addresses, names, and more. BetterCloud provides hundreds of preset regular expressions out of the box for admins to select from, including the ability to narrow down their search by categories and region.
With the ability to scope these alerts to specific areas, IT teams can determine whether the files are shared publicly or externally and then create remediation paths accordingly.
Here’s an example of a Content Scanning workflow we created to find (and protect) public Drive files containing social security numbers:
Here’s another example of a Content Scanning workflow for sensitive Box files. This one finds and remediates financial information that’s publicly shared:
From the heavy lift required by Legal and Finance, to the inevitable complications involved with integrating corporate cultures, mergers and acquisitions are notoriously difficult.
IT is tasked with a laundry list of post-merger assignments, too. What applications in the technology stack do we keep, and how do we integrate duplicate systems? How do we keep an accurate list of which employees are staying and which are going? How do we avoid technological disruptions to end users and customers? What are the roles for everyone on the newly integrated IT staff?
BetterCloud is no panacea for the agglomeration of work required by IT for a successful merger, but there are ways the platform can help.
1.) View all of the SaaS data in your new environment in one place
3.) Apply uniform policies and automated workflows across instances
Each company is likely coming to the table with different processes and security philosophies (think, for example, about the file sharing policies for an established tech company vs. the emerging startup they might be acquiring). With BetterCloud, you can apply uniform policies and automated workflows across the newly merged company.
4.) Create granular admin roles for your new IT team and get the full picture with audit logs
Finally, what does the new IT staff look like? There are two features in BetterCloud that can help you navigate this transition: granular admin roles and audit logs.
BetterCloud’s role-based privileges can help you reduce the number of people who need super admin access during this transition by customizing the level of access for each admin based on their job responsibilities, and nothing more.
Audit logs allow you to track all actions and automations that admins are running in BetterCloud, and thus across applications. In a crucial moment of transition, you can remain compliant with GDPR and keep a historical record of admin activity.
Our bi-coastal new Chief Marketing Officer (CMO) Andrew Savitz has a passion for surfing and an insatiable appetite for Yelp. He can’t wait to put his plans into motion and share BetterCloud’s story with the world. Andy has extensive experience scaling enterprise SaaS companies, which makes him the perfect addition to BetterCloud.
Andy has a bachelor’s degree in mathematics and computer science and an MBA from UCLA.
Where are you from?
I am originally from Boston; I moved to California when I was 12. My wife, who I’ve known since we were kids, is also from Boston, so we spend a lot of time on both coasts. I love being out on the West Coast, and San Francisco is very much a sister city to Boston so it’s a terrific connection for our family.
Tell us about your role as CMO; what will you be responsible for?
Brand, awareness, positioning, and demand generation are the core disciplines of this role. But in the end what I do is help our customers understand what we do, how that relates to their business, and partner with them so that they can get the most out of their SaaS environments. If we do that right, our company will continue to be a success, and the world will understand the critical nature of SaaS Operations Management/SaaSOps and this category we’ve helped define, shape, and build. What could be more fun than that!
Why a startup and why BetterCloud?
I’ve been at companies of all sizes. I’m a geek at heart. I’ve studied math and computer science, I’ve worked with customers in their deployment of enterprise software throughout the whole first part of my career, and I’ve spent the last ten years leading marketing teams.
I’m passionate about what I do. I love building. I love disrupting. I love the velocity of today’s business and how, as marketers, we can engage customers to do discovery on their terms—no matter what channel and pace.
Startups are hard work, but they’re also the most fun: the teamwork, the camaraderie, the sense of building something great and purposeful. That’s exactly what I’ve experienced in my first month of BetterCloud—so I’m jazzed!
What are you most excited about in your new role?
What makes me excited about BetterCloud is that we have this incredible opportunity to disrupt. I’ve been in enterprise software for my entire career and SaaS since my days at Salesforce.com when software in the cloud pretty much got off the ground. Never before have I seen a category so ridiculously relevant to the challenges modern enterprises are facing today.
On top of that, I’ve felt such a connection to the culture and the people in and out of BetterCloud. I’ve joined a team of colleagues that share the same passions, interests, and enthusiasm; I’ve already had the chance to visit onsite with some of our amazing customers like Lime, Slack, and Splunk and they’re equally as awesome and inspiring!
From a marketing perspective, what are the biggest challenges ahead of you, and what’s the biggest opportunity?
We’ve got a lot to do—we have to roll up our sleeves to get it done. We’re building a brand new category, and we have an opportunity to disrupt a world of companies of all sizes that are making huge investments in SaaS applications. We’re growing fast, but you can never take this for granted. Our customers deserve a partner that’s going to constantly innovate and put their success first.
From an opportunity perspective, we have a lot of wind at our back. Major analysts like Gartner, IDC, and 451 Research have recognized what we do and are honing in on a category they’re labeling as SaaS Operations Management (or SaaSOps) and SaaS Management Platforms. More and more we’re finding companies already understand what we do when we walk in the door. They want to hear how we, as the first vendor in the category, are investing and where we see the future, and that’s a huge opportunity.
What does good marketing look, sound, or feel like to you? What about bad marketing?
Good marketing is the ability to engage your customers and tell a story that they understand, that they can consume, that they feel emotional about so they can begin to share the same enthusiasm that you do.
Bad marketing is not connecting with your customers. It’s talking about your solutions and your products, but not addressing why they need a solution, why they need it now, and why you’re a good fit to help solve those opportunities.
I think it’s our responsibility to make sure that we understand our customers’ challenges and demonstrate that we can be a partner on their SaaS journey.
Can you share your leadership philosophy with us?
The most important thing for me from a leadership perspective is a purpose-driven culture. I’m certain that BetterClouders all believe we’re making a huge impact helping our customers get the most out of their SaaS investments and protecting the sensitive data they’ve entrusted to the cloud. Getting behind that and building the camaraderie, the energy, and the excitement across the company is important as a leader. Without that belief, how can we be aligned? Honestly, I know I wouldn’t want to do something without that level of conviction and excitement.
If you could go back in time and give yourself advice at the start of your career, what would you tell yourself?
I think the most important thing, and I think that I’ve done this throughout my career, is to follow my passions. Life’s too short to do things that aren’t interesting. You need to have fun when you’re inside and outside of work.
The other piece of advice I have is to be fearless and follow your instincts. I think that as you build experience in your career, you should trust yourself as you go execute new ideas and challenge what you think is possible. It’s when I know I’ve done my best. We’re all growing, but that doesn’t mean we’re not building a huge foundation of experience along the way to lean on!
What accomplishment in your career are you most proud of so far?
I’ve had such nice milestones in my career. I’ve been in SaaS marketing for the last 10 years of my career working for companies of different sizes. In that time, I’ve helped build the largest product line at Salesforce.com. As the head of marketing, I’ve been able to help re-launch a startup that we successfully sold to SAP. I’ve been part of an IPO and the eventual sale of that solution to Oracle. I’ve managed really large teams, most recently as CMO of AppDynamics, a $4B acquisition by Cisco! These are exciting professional accomplishments in my marketing career that I’m proud of.
Along this journey, I’ve had the opportunity to work with amazing teams and cultures and that’s really what drives me more than anything, more than any individual milestone.
What do you do in your free time?
I am married with two little girls. Most of the time we’re on some sort of adventure together with our puppy (our two little kittens watch the house and keep things safe). I would say for spiritual peace, I will take any opportunity to get into the ocean to go surfing, or take a run with our dog, or just get outside to get some exercise.
I can’t get enough international travel. I’ve taken every advantage to do that throughout my life and would love to continue to do that with my family. I love experiencing new cultures, tasting new foods, meeting new people—some of my favorites include surfing through Indonesia, El Salvador, and Costa Rica; traveling through the Middle East; spending time with business colleagues throughout Asia including Hong Kong, Taipei, Macau, Japan, and South Korea; and three months studying and experiencing South and East Africa (less getting malaria which I don’t recommend)!
I’m a pretty passionate Yelper, so you might see one of my reviews out there. I’d say I made my name in the Bay Area doing reviews on Mexican taquerias. I’m a foodie, and I love to share my experiences.
If you weren’t a marketer, what do you think you would be?
I studied math when I was in college so I’d probably be a math teacher, or I’d be a stay-at-home dad. And if those two things didn’t work out, maybe a professional dog walker.
SaaS is revolutionizing the workplace, making collaboration easier and work more efficient. As companies move to SaaS, however, new insider threats have arisen, leaving IT and security teams without the tools to properly solve for them. SaaS Operations Management is uncharted waters; therefore, admins are still learning how to fully secure their environments. In many cases they’re still discovering where threats lie within these new environments.
If this is something you’re struggling with, you’re not alone. In fact, it is something that everyone is trying to navigate.
BetterCloud’s CISO Carlos Batista and Principal Solutions Engineer Mohammed Khalid hosted a webinar to discuss four of the most common, and most insidious, insider threats that you should be on the lookout for in your SaaS environment.
Click here if you want to watch the webinar now, or read below for a recap of what you missed.
First things first: What is an insider threat?
An insider threat, at least for our purposes, is a current or former employee, contractor, or business partner who has access to an organization’s network, systems, or data. There are three types of insider threats: compromised, malicious, and negligent.
A compromised insider threat is when your network is exploited by an outsider, like a hacker, through compromised credentials. A malicious insider is someone who intentionally causes harm, either for personal or financial gain. Finally, a negligent insider is an end user who means well but accidentally exposes sensitive information.
Four of the most common insider threats in the digital workplace, and the four that are discussed in this webinar, are data theft, group misconfiguration, data sharing, and excessive permissions.
1.) Data theft
How it happens
Often times, employees believe that whatever they create at a job, whether that be a book of business, code, or graphics, is theirs. Legally, however, that isn’t the case, but that may not deter an employee from downloading or exporting large amounts of data before they leave your company. Unfortunately, there are a lack of controls natively available within SaaS apps that allow you to see if or when employees are taking data with them.
Why it matters
The departing employee may not see this as malicious, but that doesn’t mean that it isn’t a threat to your company. Data dumps from soon-to-be former employees could mean a potential loss of trade secrets, intellectual property, market share, or revenue for your company. What started off as a benign act could end up costing your company.
How to solve it with BetterCloud
Khalid demonstrates how you can protect your environment from data theft by setting up customizable alerts and creating automated remediation policies in BetterCloud.
BetterCloud’s alerts and remediation actions are flexible, allowing you to secure your environment in the way that best fits your needs.
Poll question: How worried are you about employees taking data with them?
According to our webinar poll, 73% of IT professionals are very or somewhat worried about employees taking data with them. It’s important to note that none of the respondents are “not at all worried” about the threat of data loss. It’s a problem that everyone faces to some degree, but few people have a way to prevent it from happening in their environment.
2.) Group misconfiguration
How it happens
It’s difficult to keep track of all the groups across your SaaS applications. People will leave your organization or transfer departments, and contractors will finish their work. When this happens, you need to update your users’ group memberships, but it’s easy to overlook this. What ends up happening is security drift—people are left in groups that they don’t belong in and, therefore, retain access to confidential files that they should not have. Additionally, it’s easy to accidentally choose the wrong group settings when configuring your group. If your group is mistakenly made public, anyone is able to access and join your group, putting your data and security at risk.
Why it matters
When groups are misconfigured or people remain in groups they shouldn’t be in, this can result in inappropriate access to data and exposure of sensitive or confidential data.
How to solve it with BetterCloud
Group misconfiguration is a problem Khalid runs into with almost every customer he works with.
Khalid walks us through how to solve for group misconfiguration with BetterCloud. Not only does BetterCloud give you visibility into group settings, but it also gives you the ability to create alerts that will notify you when an external person is added to one of your groups.
Poll question: How do you currently keep track of external guests in your groups/channels?
Forty percent of our respondents use a manual process to keep track of external guests in groups, and an additional 20% don’t keep track at all. As Batista explains, “It’s a tough nut to crack.” He’s right. Unless you have a SaaS Operations Management platform in place, tracking group memberships is time consuming and difficult to stay on top of.
3.) Data sharing
How it happens
Data sharing is the most prevalent insider threat that we’ve seen. It’s very easy for an end user to accidentally misconfigure share settings, thus accidentally exposing company data.
Why it matters
Improper data sharing poses a huge threat to your company. It can result in data exposure, compliance fines, loss of intellectual property, loss of customer trust, negative press, brand reputation damage, drop in your share price—the list goes on, but in short, the negative repercussions could irreparably damage your business. Understanding how your data is shared is a vital step in managing your environment.
Our solutions engineers have seen improper data sharing in many of our customers’ environments—they have countless examples, both malicious and innocent, of improper data sharing and the implications it has for organizations.
One haunting story of data sharing gone wrong comes from a daycare. While Khalid was working in their environment, he found 15,000 pictures of young children shared publicly. Teachers had been sharing photos with parents, unaware that their share settings on the files made them public to anyone on the internet. This incident was a combination of a lack of education on the teacher’s side and a lack of visibility on IT’s side. However, this seemingly simple mistake put the privacy of children and the trust of the parents at risk.
How to solve it with BetterCloud
Determining if and where you have data shared is not always easy, but it is crucial in protecting your company. BetterCloud enables you to see who has shared what documents and automatically remediate any data exposures.
Poll question: Do you have a way to determine if you have any confidential data shared publicly?
Thirty-eight percent of our respondents either don’t have a way to determine if confidential data is shared publicly or aren’t sure if they do. While SaaS applications don’t natively give you much visibility into your environment, it is necessary to find a way to determine how your data is being shared.
IT often has no choice but to make people super admins, since SaaS admin roles are natively binary. When a user requests elevated permissions, it’s not uncommon for the IT admin to grant that access and forget to take it away once the end user no longer needs it. To make things more complicated, there is no easy way to track permissions. This is how companies end up with too many super admins.
Why it matters
The least privilege model is best practice when it comes to super admins because each additional super admin you have in your environment increases your attack surface. The ability to have eyes on the number of super admins you have is vital in order to make sure you have thorough security in your SaaS environment.
How to solve it with BetterCloud
Excessive permissions are something that we see in almost every environment. Luckily, there is a three-part process you can set up in BetterCloud to help you remediate this problem.
Granular access roles allow you to give users the access they need to do their jobs, while also ensuring that no one has unnecessary elevated permissions.
Poll question: How are you managing who has admin access across your SaaS apps today?
The majority of admins (68%) are manually managing admin privileges across SaaS applications. Not only is this incredibly time consuming, but it’s also difficult to track even if you have the time to spare. This means that users with excessive access oftentimes slip through the cracks, leaving your workplace more vulnerable to attacks.
To learn more about how BetterCloud can help you detect and mitigate insider threats, request a demo.
Our customers are IT professionals. So if they encounter an error in our product, they need fast, effective technical support in order to get back to supporting and securing their organization. This is why we strive to provide world-class support to our customers, and what inspired Proactive Support. We want our customers to know that we value their experience and understand that their time is critical. No other software company does support the way we do, because no one is as dedicated to delighting their customers as much as we are.
The pain of traditional support
Traditional support is usually reactive: You only get help after you reach out with a problem.
The entire experience is a hassle. You run into an error and try to self-solve. Eventually, you accept that you need to contact support, but figuring out how can be a struggle in itself. Then you have to explain your issue, which is time-consuming. Of course, that begins the struggle of waiting for a response, clarifying what’s happening on your end, having the ticket escalated—you know the drill.
When all is said and done, the average customer support ticket resolution time is 3 days 10 hours. Often, it’s just so much easier to say “forget it” and leave your problem for another day. Help can be hard to ask for, even if it means just opening a chat box.
Proactive Support: personally addressing your specific problem before you even ask for help
At BetterCloud, we’re changing the customer support model. We proactively help you before you even reach out to us.
We have a support agent on the team who actively monitors the errors in the application. If you encounter an issue, we can offer help for your specific problem before you even think of submitting a ticket or, better yet, before you even know you have a problem. After being helped by Proactive Support, a customer told us that we gave him “support before I even knew I needed it.”
A significant percentage of our support interactions are proactive, not reactive. Proactive Support takes away the burden of reaching out and describing what you’re experiencing. It makes support as painless as possible, and it’s something many customers have never experienced before.
“I’ve worked in IT for over 25 years and have never had a vendor support agent proactively reach out to check if I was having a problem. After having a series of issues with BetterCloud, I was just going to write it off as a bad day and get on with something else. Your Proactive Support agent contacted me to ask what was happening, and he resolved the issues as quickly as he could. I am very impressed,” said one customer.
Proactive Support instantly saves you hours of work
IT teams are typically lean and very busy, tasked with accomplishing a lot in a limited amount of time. So when IT admins run into an error message, they don’t always think to contact us. They move onto another task.
“When we reach out to customers right away and immediately start troubleshooting, we save them the time that they don’t have,” says BetterCloud’s Director of Technical Support Chris Fadell.
One customer told us, “Very good service. I didn’t expect for tech support to just jump on a chat. They probably saved me an hour of work.”
Another customer said, “Amazing! Ethan reached out very quickly after I started having issues and was able to pinpoint the issue. Great service!”
Our support team is extraordinarily fast. They can see what’s happening in real time and reach out seconds to minutes after an error occurs. In fact, our average resolution time for proactive chat is 20 minutes.
Fulfilling our customer promise, and always striving to delight
You may be wondering why we go out of our way to open more tickets, which is the complete opposite of what most companies want to do. It all comes back to our customer promise: We empower our customers by sharing expertise in SaaS management and security, driving success with delight, and ensuring a trusted experience.
One impressed customer told us, “I didn’t even reach out for help. Ethan noticed that something wasn’t right on the site and reached out to me. His customer service always stands out as being top notch.”
Our CEO David Politis explains how Proactive Support sets us apart:
“[Proactive Support] has been a competitive advantage because most people are running [support] the old way. For [traditional support teams], things like adding chat and opening more tickets are viewed as very, very bad. They refrain from doing it, thinking they need 20 more people to do it, but for us, it’s become part of our DNA.”
That’s because our entire company is committed to delighting the people who depend on our product to help them do their jobs successfully. In fact, we have three guiding principles at BetterCloud: Enjoy the journey and learn from it, work hard with a sense of purpose, and always strive to delight.
“It’s the last principle that has transformed our support into what it is, encouraged the team to be innovative, and set the support bar high,” says Fadell.
“Being able to delight the customers as much as we can when they have a bad experience, like running into an error or a bug, is always our goal. We’re there to help them get that sorted out and back on track. So as much as we can help, we want to,” adds Fadell.
Delighting our customers is integral to BetterCloud’s mission, which is why we love hearing things like, “THIS is how you do customer support!!!” and “I’ve never had such great proactive support in the past. I’m beyond words :)”
Us vs. the other guy
Our Proactive Support is entirely unlike what other companies call proactive support.
At some companies, proactive support means posting about a bug update or product issue on a status page. While this is helpful, it’s very broad and still puts the burden on the customer to visit the status page to see what’s going on.
“Our Proactive Support is very different. We narrow it down to a specific customer and a specific problem, and then reach out to them about their specific incident. It’s a personalized experience that offers a resolution right then and there,” explains Fadell.
Additionally, our Proactive Support applies to global issues as well. While doing Proactive Support one day, our agent noticed that there were a number of errors coming from Google Drive transfer failures. Google had unexpectedly changed an API that was causing this action to fail in BetterCloud.
While our engineers worked to fix the roadblock, our Proactive Support agent reached out to customers to let them know what was happening. No one came to us first with that problem; we were able to proactively let customers know why their transfer had failed and that they could expect a solution from us shortly.
So while other companies may say they’re doing proactive support, no one is really doing it quite like us (yet).
BetterCloud may be the only company that does thorough Proactive Support right now, but we believe that this is what the future of technical support looks like. After all, it’s what all of our customers deserve.
The rise of user mobility and SaaS application adoption have drastically changed the landscape for access and security: More people are accessing more resources from more locations and more devices. Organizations must ensure that all users around the globe—whether remote employees, customers, partners, or contractors—can securely access data and protect applications anywhere.
To enable mobile and cloud experiences without compromising security, many organizations have shifted their security strategy away from focusing only on the network. Rather, they have begun to focus on the user, including their behavior, devices, interaction with resources, and other user context.
This “Zero Trust Security” framework assumes that no user is coming from a trusted network or trusted device and should therefore be given unbridled privileges. Instead, IT and the security team validate the identity of the user at the point of access to ensure unauthorized users never gain access to an organization’s restricted systems or applications.
Adopting a Zero Trust security model
As the leader in identity and access management, Okta has championed the Zero Trust model and has been recognized as a strong performer that enables organizations to securely embrace the rise of cloud and mobile adoption by moving away from a network-based perimeter, and instead evaluating the context of the user and device before granting access.
However, security should not end at access. Once access is granted, IT still needs to ensure that the user has the right privileges, not only to the application itself, but also within the application. Should a user be allowed to share certain resources within Box or Google Drive? What types of files are shared within Slack? Can I create custom admin roles within G Suite? Okta has partnered with BetterCloud, a leader in SaaS Operations Management (SOM), to extend securing user access to also securing user interactions within applications themselves. Organizations large and small now look to Okta and BetterCloud to secure both their users’ connections and interactions across their entire digital workplace.
Managing SaaS application interactions to prevent insider threats
Though a user is “trusted” within the organization and interacts with only other “trusted” users (e.g. employees, partners, customers), it’s still possible that the user exhibits untrusted behaviors which can compromise an organization’s data once access has been granted. This is often done without malicious intent. In fact, a recent survey by BetterCloud shows 62% of respondents believe that their biggest security threat comes from well-meaning, but negligent employees. Managing user interactions within applications is an important step in securing your users.
But many IT and security professionals are unaware of these blind spots. The proliferation of SaaS creates new ways for users to expose data. Content sharing permissions and configurations are complex. And even if IT knows they are missing something, they have no easy way of understanding what data is exposed within their SaaS applications and how to plug those holes. As employees collaborate freely through SaaS applications—from any place, at any time—SaaS is turning into a new threat vector for insider threats.
Okta + BetterCloud: Enforce policies that secure user interactions
Together, Okta and BetterCloud give you the flexibility to protect against insider threats by providing complete visibility across your SaaS environment—right down to the data assets and configurations of SaaS apps. Okta provides secure access into your SaaS apps along with proper provisioning, while BetterCloud gives you visibility into how your SaaS apps are being used, along with mechanisms to secure them.
With Okta + BetterCloud, not only can you create alerts for the events that actually matter to you, but you can also create automated workflow policies to remediate security concerns.
This means organizations of all sizes—whether 100 or 10,000 employees—can now connect security insights from user interactions within Okta and popular SaaS content-sharing apps to detect and remediate insider threats. For example, you can remediate Box misconfigurations and remediate Google Groups misconfigurations. Misconfigurations like these are no one’s fault; they occur because of the variety and complexity of settings that exist in SaaS applications.
Learn more about securing user connections & interactions
The digital workplace now presents a new generation of insider threats. Okta and BetterCloud
have you covered. If you’d like to learn more about how mutual customers are benefiting from their use of Okta and BetterCloud together, hear directly from them in this customer panel video
from Oktane19, or contact us here.
Like a kingdom ruled by an absolute monarchy, our great IT leader, the CTO, could deploy rules that would govern the perimeter of our castle.
The IT kingdom provided the services to be used. Our strategically placed, high vertical walls ensured these were the only services the people of the kingdom had access to. There was one way to share files, one username, and one password. The concern for piggyback intruders was minimal as we could visibly see who was trying to compromise the walls.
But just like castles fell in the 1300s because of the evolution and enhancement of gunpowder, our technology perimeter has fallen with the evolution and enhancement of SaaS and cloud-based services.
The “ease of use” design elements present in nearly all SaaS and cloud platforms have given all of your co-workers the ability to set up and use these services without in-depth technology training. This has created a rapid expansion of services that you as the IT administrator can no longer see or secure.
Throughout history, even recent history, we can trust that evolution will continue to disrupt the way we work. As technology has evolved, we embrace innovation.
As much as we would all love unlimited budgets to embrace the perfect security model, we all recognize there is a practical evolution to our own versions of perfection.
Without our walls, without the perimeter to limit access to services, we must evolve to introduce cloud enablement. We must implement new ways to provide protection so we can embrace the cloud with minimal risk to the kingdom.
Over the next 90 days, let’s take an objective-based approach to evolving our perimeter management.
Objective #1: We will discover and inventory 100% of cloud services and cloud assets.
The result of this objective is the following:
Create a measured baseline of what we know by creating an inventory of what we have.
Create prioritization for future phases of your cloud enablement strategy.
Drive governance for immediate high risks and how these risks might be resolved.
Start with the core question of “What cloud services do we use?”
Understanding what your company is already using is a minimum requirement to begin to prioritize and manage your landscape. With this question, you can survey your teams to find these services.
Audit your accounting records for reoccurring subscription services to cloud or SaaS providers. Audit employee reimbursement transactions to find where employees may have paid for services directly. Leverage any existing web monitoring you have in place to search well-known cloud/SaaS providers. Create a list of services you discover, including who the primary contact for the service is, what the service is used for, and what type of information is stored there.
Once you understand this expanded landscape, you can pivot or accelerate to resolve the challenges ahead of you.
Objective #2: We will understand and administer 100% of people access (user access).
The result of this objective is the following:
Removal of any former employee or unnecessary access to services.
Formal processes to provide and manage access to services.
New metrics for privileged user access such as:
Number of people with elevated access
Number of orphaned accounts
Password policy effectiveness
Again, start with a core question: “How can I remove unauthorized access to services?”
This is important to ask because whoever provided access to this service likely did not consider that access would ever have to be removed, nor are they removing unneeded access. By highlighting that there is an unmeasured, unknown high risk in privileged access management, you can drive your team to gain access to discover services and gain administrative access to these services.
Since the teams already leveraging SaaS and cloud are not maintaining metrics specific to access management, you can further caution the unknown high risks by advertising the gap in reporting. Ensuring that you and your organization can centrally report on access management is the only way to provide transparency in this area and truly measure how much risk your organization has.
Objective #3: We will select and procure a tool to provide continuous visibility into cloud services and people access.
The result of this objective is the following:
Automate future needs to rediscover cloud services and cloud assets.
A dashboard for measuring key risk indicators in cloud enablement including:
Baselines and targets for future phases of your cloud enablement strategy including:
Targets for undetermined risks you have not considered
Baselines for ways to increase the efficiency and uptime of service use
Our primary question for objective #3 is “How can I show transparency of our cloud footprint?”
Your peers should be aware of everything you know or do not know about the cloud and SaaS use in your organization. As an IT leader, it’s important to continuously provide this information. Other business leaders are looking to you to understand how to best use these services and what types of risks are associated with them.
You can provide this transparency by reporting what you know and potential challenges in the current state. For example, which cloud services or SaaS platforms are you aware of, but do not currently have administrative access to? What are the top five immediate risks to your organization because of how cloud services or SaaS have been used? What are the immediate projects required to mitigate risks recently discovered in your cloud and SaaS platforms?
Jump into your next 90 days with this actionable plan. At first glance, these three objectives may seem simple and attainable. Ninety days may seem like too much time to accomplish this.
But as I said earlier, “We can trust that evolution will continue to disrupt the way we work.” In this case, we can trust the evolution of our people in that they’ve evolved to avoid any IT administration of their cloud services. As you and your team step forward to discover these services, prepare yourself for the quantity, complexity, and duplication that has been created in the landscape surrounding you.
BetterCloud is committed to helping you implement a least privilege model—a security best practice—in your SaaS environment. A least privilege model delegates the minimum amount of access necessary to a specific user. It is critical to ensure that users only have access to what they actually need, since excessive privileges can increase the risk of a security incident or data breach.
The first steps in implementing the least privilege model are setting up granular access roles
and creating a policy that automatically remediates excessive super admin privileges (like we outlined in this product tip). The next step is using time-based roles. This enhancement allows IT to restrict delegated privileges to specific time intervals so that people only have elevated access when they need it.
Here are three popular use cases:
1. Delegate access temporarily when a super admin goes on vacation
Time-based roles are useful when a super admin is on vacation. They can delegate access to another team member for the set period of time that they will be away. This ensures that work won’t slow down while they are out of the office and that no one retains elevated access for longer than they need.
2. Give auditors or contractors temporary access with an expiration date
Additionally, IT can give auditors or contractors access (for example, to export audit logs or download files from their CRM) for a set amount of time. However, because they are external users, it’s especially important that their access expire once they’ve completed their work. Time-based roles give IT admins the ability to pre-set an expiration date for auditors or contractors.
3. Give help desk admins access only during weekday work hours
Time-based roles can also be used to set daily restrictions on what hours admins have access to elevated privileges. If you don’t want users to have access to their BetterCloud privileges after a certain time of day, you can use time-based roles to enforce this policy. This limits access for help desk admins who should not be logging in outside typical work hours. For example, it can help prevent privileged access abuse, unsanctioned changes made over the weekend, etc.
Creating time-based roles in BetterCloud is simple. Once you select “New” in the “Privileges” tab, you are able to configure the role to your liking. You can schedule the access expiration date or set daily custom restrictions, depending on your business requirements.
For more information on this use case, check out this article in our Help Center.