The number of SaaS applications that can be integrated is still limited however, because many apps lack the necessary security logs, so the company has also initiated an industry-wide “I want my SaaS alerts” campaign to encourage software vendors to include security log data in their APIs.
Today, SaaS Alerts, a cybersecurity company which makes a platform with a rules engine purpose-built for MSPs that stops unauthorized activity in customer SaaS applications, is introducing App Wizard. App Wizard, which is a new capability inside the SaaS Alerts Manage module, lets MSPs integrate SaaS alerts with any SaaS business application having a viable API, to provide them with the same application protection now common given to the small number of top-tier vendors like Microsoft, Google and Salesforce.
“Our goal is to be able to see security logs in the APIs that tell us who is logging in, where they are logging in from, and what they are taking,” said Jim Lippie, SaaS Alerts’ CEO. “It allows an MSP to request an integration with a specific third party SaaS application. Once they make a request, within 72 hours we determine if there is a viable API. If there is, it becomes available to anyone who wants it, not just the organization that originally requested the API.”
Lippie cited the recent Okta breach as an example of how this solution is able to provide value to the MSP and their customers.
“As of this week, we are able to monitor Okta, so now the MSP is able to go to their customers, tell them about the Okta news, and say that they can monitor it for them. The MSP can then charge for that. We can also correlate it with other apps they are using like Microsoft 365. Once you correlate that data, you can look at it in a more meaningful way and directly hone in to where the threats really are.”
A major problem, however, is that many SaaS apps, including some widely used ones, do not presently have the ability to have viable APIs.
“This is because they do not have security log data in their APIs,” he said. “Quickbooks, for example, is the leader in the small business accounting space. Quickbooks Online has a robust documented API, but it doesn’t contain any of the security logs necessary for security log data. Xero, their main competitor, doesn’t have it either. Likely about 75% of SaaS apps today don’t have the public log data that is required.”
As a result, SaaS Alerts is addressing the issue with an industry-wide campaign, ‘I want my SaaS alerts,’ Its goal is to mobilize support that will encourage software vendors to add security log data in their APIs.
“The goal of ‘I want my SaaS alerts’ is to get 2500 signatures representing 250,000 small businesses by March 8 – which coincides with the end of the Right of Boom MSP cybersecurity event,” Lippie indicated. “The campaign will kick off next week.”
So given the importance of security log data, why do most software vendors still not facilitate it?
“There hasn’t been demand for it,” Lippie said. “It hasn’t been asked for it a lot in a meaningful way. SaaS has been around for a long time, but security hasn’t been an issue until more recently. So in the absence of a groundswell of support to do this, vendors chose to focus on new features and functions that would delight customers, and not on making security a priority.”
Lippie expects that MSP demand for this is likely to start slow, but then grow rapidly until it becomes ubiquitous.
“When we first went GA in January 2021, there weren’t a lot of folks talking about even protecting Microsoft 365,” he said. “We were evangelizing that, and today, it’s now pretty mainstream. I believe that when we look back at this three years from now, this will have become mainstream. It will start slow with more sophisticated MSPs. But three years from now, with most customers using SaaS applications, this will be the primary driver of value that the MSP provides back to their customer.”
Between now and January 1, any MSP who currently has an agreement with SaaS Alerts, or who signs up before January 1, will get AppWizard included for free for the remaining term of their agreement. For MSPs who sign up after January 1, the cost is $50 per application per customer per month.