This website requires Javascript for some parts to function propertly. Your experience may vary.

AppOmni: The Rosetta Stone of SaaS Security | Cisco Investments

AppOmni: The Rosetta Stone of SaaS Security

Prasad Parthasarathi's avatar

Prasad Parthasarathi

Imagine this scenario: you start talking to someone only to realize a few seconds in that they have absolutely no idea what you’re saying. You’re speaking English, when they only speak Hebrew. Then a third person joins in the conversation speaking a third language, Tamil. Soon, it’s mass chaos and frustration. While all three of you may be saying similar things (maybe discussing the Golden State Warriors’ epic win in the NBA Finals), you have no way of knowing because you’re not speaking a common language.

Today, every SaaS platform has their own language for logging, access controls, API integrations, and third-party applications, making it a nightmare for even the most capable of security teams to translate across the 150+ SaaS applications running in a typical enterprise. So, what if there was a universal translator for SaaS systems?

This mission – to build the “Rosetta Stone of SaaS Security” – was the foundation for AppOmni, founded in 2018 by Brendan O’Connor and Brian Soby. Over the past four years, the AppOmni team built a market-leading SaaS Security Posture Management (SSPM) platform focused on providing centralized visibility, unmatched data access management, and security controls to protect data across every type of SaaS application.

Today, Cisco Investments is excited to announce our strategic investment for the next stage of AppOmni’s growth.

Security for the Wild, Wild West of SaaS

Within a typical organization, you might find that the sales team uses Salesforce, HR uses Workday, IT uses ServiceNow, and R&D uses GitHub, Confluence, and JIRA. The problem is that the security teams do not have a singular lens for how the applications are being configured, who is accessing what data, and how the applications are connecting with each other. And the problem is only growing. In fact, according to IDC, SaaS app spend is estimated to reach ~$300B by 2025.

This massive adoption of SaaS has created a significant breach vector for attackers. SaaS applications are significantly underserved and exposed relative to network, endpoint, and users, which are addressed by scaled security architectures. Network and perimeter centric architectures simply do not transition to cloud-centric environments. Securing SaaS requires an understanding of how SaaS apps are architected and how they communicate with each other, as well as the potential dark alleys and blind spots. In essence, you require teams that are steeped in building SaaS architectures. This is where AppOmni steps in.

When talking about AppOmni’s approach, CEO O’Connor describes it this way: “Most enterprise applications today have a hub and spoke model. So, when you think about something like GitHub, GitHub is a SaaS application, but there are hundreds if not thousands of other integrations, bots, workers, and connectors, that plug into GitHub. All these tools exist to add value on top of the system of record. So, AppOmni starts by looking at what are the systems of record in the enterprise. I like to use the analogy of planets - they're big, heavy, and have gravity around them. Each application from GitHub to Salesforce has hundreds, if not thousands, of moons and satellites that are orbiting it. So, first, we focused on adding all the ‘planets,’ the major SaaS platforms. From there, we cover the galaxy of apps that connect with it.”

.
AppOmni CEO and Co-founder, Brendan O’Conner

Taking this approach, AppOmni provides full situational awareness, helping organizations perform an immediate inventory of what’s connected, which users are accessing it, which API keys and OAuth tokens has it issued, and more. Once you have this visibility, organizations can then set guardrails in place.

“In many ways, SaaS is still the Wild, Wild West,” says O’Connor. “We find that less than half of integrations in our customer’s SaaS cloud environment are known or approved by security or IT. That’s a serious visibility and control problem that the organization may not even be aware of. With AppOmni, within thirty minutes, we can give them that visibility.”

.
AppOmni (l to r): Kathleen McKinnon, Brian Soby, Brendan O’Connor, Kendall Costa, Allan Kristensen, Tim Bach, Michelle Jones, Brandon Conley

Why We Invested in AppOmni

When our Cisco Investments team met AppOmni back in April of this year, there were a few things that immediately stood out.

First: the leadership team. Both O’Connor and Soby come from strong SaaS security backgrounds, with O’Connor serving as Salesforce’s CISO and ServiceNow’s CTO for the security business while Soby led product security teams at MITRE, Salesforce, and Taulia.

Second: our shared vision for Zero Trust. At both Cisco and AppOmni, we see Zero Trust the core pillar for securing access across every application and environment, from any user, device, and location. AppOmni is extending Zero Trust past initial user authentication for continuous trusted access. Many enterprise customers are deploying best-in-class MFA from Cisco Duo. In addition to MFA security, these customers can deploy AppOmni to provision in-app session monitoring, security and compliance. This would enable end to end security from initial SaaS app authentication to session end.

Last is their amazing customer traction. Not only can AppOmni demonstrate immediate proof of value – a big perk for security teams – but they also have stellar customer retention. That’s because, as O’Connor puts it: “We promise to our customers that we will make them successful and that we will truly help them solve their problems. It’s simple, but that’s why they return year after year.”

What’s Next for AppOmni

Cisco Investments is excited to support AppOmni in their growth phase, as they propel product development, accelerate their SaaS application roadmap, and add functionality to their Developer Platform.

When I asked O’Connor about what he sees next for AppOmni, he said, “We named the company AppOmni for a reason. Omni means ‘all’ and with the launch of our open developer platform, we are now able to secure all SaaS apps regardless of whether they’re licensed from a vendor or custom built in-house. A few years from now, we hope to see the AppOmni developer platform being used by thousands of organizations to share best practices and make SaaS ecosystems more secure for everyone.”

If you’d like to learn more about AppOmni and happen to be attending BlackHat, I highly recommend you swing by their booth to meet this impressive team and learn about their technology. You will walk away knowing how to add the valuable SaaS language to your linguistic repertoire.