Identity-First SaaS Security to remediate toxic combinations of risk

Post Image
Research Reveals Rapidly Expanding Identity-related Attack Surfaces in Organizations 

Tel Aviv, Israel –

Savvy, a software-as-a-service (SaaS) security platform provider, today announced its Identity-First Security offering that uncovers risks created by a toxic combination of identity access management (IAM) permissions, user behavior, and business context. Individually, these elements may appear benign, but together pose extreme organizational risk that can lead to data breaches, financial loss, compliance violations and brand damage. Armed with comprehensive visibility into SaaS applications, as well as associated user and app identities, security teams can now discover and remediate the most egregious identity risks in real time. 

Rapidly growing SaaS adoption and associated risks require a significantly different and deeper level of visibility and control than exists today. According to Stratecast and Frost & Sullivan, 80% of employees adopt SaaS apps without IT approval, which creates unbridled associated user and app identity risks that overwhelm traditional security processes and solutions. 

“Enterprise SaaS growth is empowering employees to be more productive, but is also allowing identity risks to grow unfettered because businesses have little-to-no visibility or control,” said Guy Guzner, CEO of Savvy. “Our platform helps organizations safely embrace all the benefits of SaaS by discovering the most damaging identity risks and then using our automation playbooks and just-in-time security guardrails to guide users at scale towards proper identity hygiene.” 

Savvy’s research revealed 400% more shadow SaaS apps than federated apps, and, of those, 60% of employees used weak, reused or compromised passwords. Savvy also found that over 35% of employees access federated SaaS apps directly, bypassing SSO and multi-factor authentication (MFA). In every organization analyzed, incomplete offboarding of app identities with access to sensitive data were discovered, a finding that has wide-ranging implications for regulatory compliance requirements.  

“Savvy’s free assessment revealed identities of former employees that I believed were offboarded but still had access to SaaS apps containing sensitive company information,” said Andrew Wilder, retained CISO and advisor for multiple organizations. “The offering allowed me to more effectively offboard users and properly maintain compliance. It also opened my eyes to just how many shadow identities existed across our organization due to third-party software.” 

Savvy’s Identity-First Security offering allows companies to identify the toxic combinations of identity risk including rogue administrators, compromised accounts, shadow identities, lack of multi-factor authentication (MFA), shared accounts, incomplete offboarding, direct sign-in vs. single sign-on (SSO), or risky and shared credentials. Once the platform provides visibility into an organization’s SaaS security posture, SSPM automation playbooks power interactive just-in-time security guardrails that guide users to resolve issues before they become an incident, reducing workload for security teams.  

To register for the companion webinar for a deeper dive on these SaaS security topics, visit

About Savvy 

Savvy’s SaaS Security platform provides organizations with unparalleled visibility into SaaS risks. Its just-in-time security guardrails automate security workflows to prevent potential incidents before they take place and provide suggestive guidance that empowers users to make smarter decisions. Savvy provides customizable security automation playbooks that empower security teams to automate responses to various user actions, engage users at critical decision points to prevent incidents, reduce event overload, and improve security outcomes. For more information, visit