As organizations rely more on SaaS applications to store sensitive data, the security stakes have never been higher. Beyond file storage in platforms like Google Drive or OneDrive, SaaS applications also house a wide range of sensitive data: meeting records in Zoom, private communications in Slack, legal documents in Docusign, source code in GitHub, customer personally identifiable information (PII) in Salesforce, financial data in NetSuite, and much more.
These applications offer a range of data-sharing functionalities, enabling users to share data both internally and externally or connect it to other third-party applications through integrations. With these capabilities, however, comes a heightened risk landscape that requires vigilant data security.
To address these risks, Valence is excited to announce a new integration with Cyera, a leader in Data Security Posture Management (DSPM). By combining Valence’s SaaS Security Posture Management (SSPM) capabilities with Cyera’s insights around sensitive data, we’re empowering security teams to manage SaaS security with greater context and precision.
What is Data Security Posture Management (DSPM)?
Data Security Posture Management is a modern approach to securing sensitive information in the cloud. Introduced as a formal category by Gartner in 2022, DSPM solutions were developed to meet the unique needs of cloud-native environments and address the limitations of legacy data security tools. DSPM identifies, classifies, and assesses risks associated with sensitive data—such as personally identifiable information (PII), personal health information (PHI), financial records, intellectual property, and more—while offering insights into security and compliance challenges.
One of Cyera’s Data Security Platform’s core capabilities is its DSPM engine, which classifies and monitors sensitive data across various environments, including cloud-based and SaaS applications. Cyera’s support of SaaS applications, in which some of the most sensitive data is stored like Google Workspace, Microsoft 365, Salesforce, and Box, among others, enables security teams to quickly identify and understand where sensitive information, like PII and financial data, resides within their SaaS environments.
Data Security Challenges in SaaS
Data security is complex. Traditional data loss prevention (DLP) solutions were primarily designed for on-premises environments, and not for the cloud. In fact, Cyera’s 2024 DSPM Adoption Report reveals that 87% of organizations find their current data discovery and classification tools inadequate, underscoring a significant gap in visibility and control over sensitive information.
SaaS applications present distinct security challenges due to distributed ownership and complex permissions. Risks of data exposure rise sharply when misconfigurations occur alongside sensitive data shares, excessive privileges, or overly-permissive SaaS-to-SaaS integrations—risks that often go undetected without comprehensive visibility into both the SaaS environment and associated sensitive data.
Consider these real-world cases of sensitive data exposure through SaaS misconfigurations:
- Ateam’s Google Drive Misconfiguration - Japanese game developer Ateam inadvertently left sensitive data of nearly one million individuals exposed for over six years due to a Google Drive setting configured to "Anyone with the link." This setting essentially removed access controls, allowing open internet access to files containing names, emails, phone numbers, and customer management numbers, available to anyone who found the link.
- Microsoft’s Midnight Blizzard Breach - Attackers exploited multiple misconfigurations in Microsoft 365, leveraging an unprotected test tenant lacking MFA. From there, they accessed an OAuth token with elevated privileges, granting access to corporate mailboxes. The attackers then created additional malicious OAuth apps to escalate access within Microsoft’s corporate environment, a “toxic” attack chain that enabled deep infiltration.
Valence’s integration with Cyera provides CISOs with a consolidated view to assess and remediate these risks across SaaS applications. By integrating Cyera’s DSPM capabilities into Valence’s SaaS Security platform, Valence customers can close these security gaps, delivering a more holistic and proactive approach to SaaS security.
Enriching SaaS Security with Data Context Through Cyera Integration
The integration with Cyera brings critical data security context and classification to the Valence platform, allowing organizations to manage SaaS security more effectively by correlating data sensitivity with SaaS risk posture. With Cyera’s data classification insights seamlessly integrated into Valence, customers can now identify, assess, and prioritize SaaS risks with enriched data visibility. Key benefits of this integration include:
1. Enhanced SaaS Risk Scoring with Data Sensitivity Context
Valence’s SSPM capabilities provide risk scoring for each SaaS application risk, allowing security teams to prioritize and address the most critical first. With the Cyera integration, these risk scores are enriched with data sensitivity insights. Valence can now analyze the sensitivity of data exposed through various risk points—including external data shares, inactive or over-entitled accounts, high-privilege third-party integrations, and weak authentication. By correlating the data sensitivity with the exposure level, security teams can focus their efforts on the highest-risk assets.
2. Advanced Risk Remediation for Data Misconfigurations in SaaS
Valence’s platform delivers a range of powerful remediation options, from automated workflows to guided, user-driven actions, allowing organizations to address sensitive data risks across their SaaS applications with precision. With the additional data context from Cyera, Valence enables users to take remediation actions on SaaS sensitive data risks directly from the Valence platform. For example, files containing PII shared externally via Google Drive or OneDrive can be flagged and automatically revoked if they remain inactive or shared with unauthorized users for over an extended period (e.g., 60 days). Additionally, Valence provides guided remediation steps, direct one-click fixes within the platform, and collaboration tools to engage business users when necessary, ensuring that security teams have the flexibility to address risks effectively without manual intervention in each SaaS application.
3. Enhanced Identity Threat Detection and Response (ITDR) for Sensitive Data Protection
Beyond preemptively remediating risks, Valence excels at detecting real-time threats. With the more enhanced sensitive data risk context, Valence’s ability to monitor and detect suspicious activities within SaaS environments becomes even more impactful. By combining Cyera’s data sensitivity insights with Valence’s identity monitoring, organizations can detect anomalous behaviors—such as privilege escalation attempts, excessive permissions granted to OAuth tokens, or high-volume, high-frequency data-sharing activities. This enables security teams to identify potential data breach attempts and address threats proactively, protecting sensitive information.
For both current Valence customers and those considering SSPM or SaaS security solutions, the Cyera integration represents a powerful addition to Valence’s platform, strengthening its capabilities and addressing the gaps commonly found in non-integrated traditional security solutions.
As SaaS adoption continues to grow, so do the challenges of securing sensitive data in the cloud. Valence’s integration with Cyera empowers security teams to safeguard sensitive information in SaaS environments with unmatched precision and efficiency.
To see the Valence-Cyera integration in action, schedule a demo today.
.jpg)
