JumpCloud this week updated its platform for managing software-as-a-service (SaaS) applications to make it simpler to discover and block usage of rogue unsanctioned software being accessed via the cloud.
Additionally, JumpCloud has tightened integration between an SaaS management platform it gained with the acquisition last year of Resmo and its directory for providing single sign-on capabilities.
At the same time, JumpCloud is also expanding its device management capabilities by adding monitoring, patching and application deployment tools that makes it simpler to manage and update software running across a fleet of devices.
The JumpCloud SaaS application management platform takes advantage of a browser extension developed by JumpCloud to provide visibility in usage and apply the controls needed to block access.
Serhat Can, director of product management for JumpCloud, said that in addition to making it simpler to rein identify instances of shadow IT that would lead to sensitive data being shared in a way that violates cybersecurity and compliance policies, the SaaS management platform from JumpCloud also makes it simpler for organizations to identify redundant usage of multiple SaaS applications.
Collectively, these tools will make it simpler for cybersecurity and IT operations teams to collaboratively rein in usage of SaaS applications that if left unmanaged increase cybersecurity risks and lead to higher total costs, said Can. That issue is only becoming more problematic as end users invoke any number of AI services such as ChatGPT with or without formal permission, he added.
Itโs not clear to what degree cybersecurity versus cost concerns are driving a renewed effort to rationalize SaaS applications, but as more of these platforms are targeted by cybercriminals there is an increased awareness of the need to reduce the overall size of the application attack surface. Many SaaS applications were adopted during the COVID-19 pandemic, often by different departments in the same organization. Cybercriminals soon discovered that stealing the credentials used to access these applications enables them to steal sensitive data simply by logging in as a legitimate user.
In addition, many of these applications have been misconfigured in a way by administrators that makes it relatively easy for cybercriminals to not only gain access but also exfiltrate data.
A recent JumpCloud survey finds 88% of respondents worry about unauthorized applications and devices expanding their attack surface, with 38% admitting they canโt even discover all applications in use. Clearly, many organizations have a long way to go before they regain control over their IT environments but as more organizations adopt platforms to centralize the management of IT, more progress will be made, said Can. In fact, more IT teams than ever are starting to appreciate how legacy tools and directories today prevent them from achieving that goal, he added.
Of course, as the tools for discovering rogue applications improve, IT teams still need to come up with the funding and resolve to apply them. Arguably, the biggest impediment to progress in any IT environment is, as always, simple inertia.
