Case study

Valence Reduced Highspot’s SaaS Data Exposure by 55%

Founded in 2012, Highspot helps companies worldwide improve the performance of their sales teams by turning strategic initiatives into business outcomes. Their unified sales enablement platform gives revenue teams a single solution to elevate customer conversations and drive repeatable revenue, bringing together native content and guidance, training and coaching, and engagement intelligence – all supported by actionable analytics.

Highspot removed 55%

of unnecessary external SaaS data shares, automatically, without slowing down the business
of inactive tokens without any manual effort.
Highspot
Industry
Sales enablement platform
Company Profile
  • Founded in 2012
  • ~1000 Employees - global workforce
  • Raised $645m
  • Multiple SaaS applications
Solution
Valence SaaS Security Platform

Challenges

Data Share Analysis and Cleanup

Highspot’s employees are empowered to share data as necessary to collaborate with external partners, customers, and other third parties. This flexibility has enabled Highspot to grow at a phenomenal rate, reaching a $3.5 billion valuation in just 10 years. However, growing this quickly can come with negative consequences, and Highspot’s security team suspected they might have some challenges with employees setting overly broad permissions for external data shares. 

Two common issues with external data sharing: sensitive company data gets shared outside of the organization, and data that should be shared externally with partners and contractors never gets unshared once it is no longer needed. The biggest challenge, however, is the breadth and scale of data sprawl and external sharing across SaaS platforms. Data sharing is often associated with SaaS file storage products like OneDrive, Box, Dropbox, and Google Drive. However, nearly every modern SaaS application has a method for sharing data externally – GitHub, ServiceNow, Salesforce, and even Zoom (where saved recordings can be publicly shared) could leak sensitive corporate data.

Highspot’s SaaS Environment

Highspot has multiple use cases. As a cloud-born hyper-growth startup, they are reliant on modern productivity and collaboration tools and automation – most of which reside within SaaS platforms. Their primary productivity suite is Google Workspace, with a fairly sizable Microsoft 365 footprint as well. Additional SaaS applications used for CRM, source code management, project management, HR management, and others form a complex SaaS mesh of interconnected SaaS applications.

Understanding the scope of external access to sensitive data hosted in SaaS platforms
Offboarding former employees while safely cleaning up integrations and access to data
Enforcing least privilege access to data and APIs by removing unnecessary third-party access
Why Lionbridge Chose Valence to Remediate their SaaS Security Risks

The problem is, sensitive data is easy to share with external parties, but no one ever thinks to unshare it when no longer needed.

Solution

The Aha! Moment

Highspot leveraged the Valence SaaS Security Platform to assess its SaaS security risks. The agentless platform scanned Highspot’s core SaaS applications and was immediately able to provide visibility into how these SaaS applications are configured. The Valence findings included insights regarding dormant accounts, unauthorized third-party integrations, unmanaged identities, misconfigurations, and of course - externally shared data.

The Highspot security team prioritized data security and removing unnecessary externally shared data as a key focus area. The challenge was how to scale remediating a large risk surface with limited security resources. The team decided to leverage Valence’s automated remediation workflows. The business was originally reluctant to allow automated SaaS remediation, as it was nervous about disrupting employees. The first day after enablement, however, 38% of Highspot’s external data shares were removed. The impact was zero - there wasn’t a single disruption to users or business continuity.

Quote

“Valence provides insight into our key SaaS platforms that they should provide themselves but don’t. And pulling together the data, helps us surface and remediate risks with little time and effort that we’d be hard pressed to find with our SaaS applications alone.”

Peter Oehlert, Chief Security Officer

Results

Enabling policies to remove idle and unused data shares was easy and quick. Highspot was interested in seeing the impact of these automated policies over time, however. Would data shares rise back to record levels, or would these policies keep them in check? Employees continue to share data, but after six months, the total number of external data shares has continued to decrease at a rate of 6% per month. Over time, the risk surface decreased by 55%.

Ongoing, Highspot has fully automated remediation, replacing previously manual processes. With data share policy enforcement now on auto-pilot, the security team is free to explore their next SaaS security challenge and find other risks to address.

Immediate reduction of externally shared Google Drive files by 38%
Over time, an automated policy reduced external data access attack surface by 55%
Creation of a single source of truth for SaaS identities, integrations, data, and configurations
Established a common platform for IT, security, and business admins to collaborate and enhance security

Benefits

Enable Business Productivity

Automated data security remediation efforts without creating additional work for the security team

Enable Business Productivity

Established a lifecycle for managing externally exposed assets

Enable Business Productivity

Accurate and actionable data collection enables automated policies to remediate risk without impacting business users

Enable Business Productivity

Streamlining user offboarding with minimal impact on business processes

About Valence Security

Valence is a SaaS security company that enables visibility into SaaS risks and automates remediation. The Valence platform manages risks associated with data shares, SaaS-to-SaaS integrations, identities, and other misconfigurations. Customers can leverage automated workflows to collaborate with business users to contextualize and remediate risks.

About Valence security
Valence Security: Collaboratively remediate your SaaS security risks.
611 Gateway Blvd Ste 120, South San Francisco, CA 94080
Platform
Platform Overview
SaaS Security Posture Management (SSPM)
SaaS Risk Remediation
Identity Threat Detection and Response (ITDR)
Use Cases
SaaS Configuration Management
Manage Misconfigurations and Drift
Comply with Industry Standards
SaaS Identity Security
Ensure Strong Authentication
Review User Access
SaaS-to-SaaS Governance
Govern Non-human Identities
Discover Shadow AI
SaaS Data Protection
Reduce Data Exposure
Identify Exposed Data
SaaS Threat Detection
Detect SaaS Threats
Hunt SaaS Threats
Resources
About
Schedule a Demo
Contact Us
info@valencesecurity.com
Login
Valence Linkedin profileValence Facebook profile
Copyright © 2024 Valence Security | All rights Reserved | Privacy Policy | Terms of Use |