How often does IT collaborate with Security? 

According to research—not enough. 

In fact, only 20% of IT pros said they frequently collaborate with their security and compliance teams. And that low number is an uncomfortable reminder of how siloed our organizations are today.

That research also found that they’re especially bad at collaborating on cloud app security. That’s a big problem because cloud apps are responsible for more and more of our daily work. In fact, we found that the average organization has about 600 apps in its ecosystem and it adds approximately 12 new apps a month. And, to make matters worse, only a fraction (often ~30%) of those apps are sanctioned vs shadow IT. 

That means that cloud apps represent one of the most pressing security threats to the modern organization.

What can we do? 

Better security around SaaS requires better collaboration. 

And better collaboration starts with better visibility. 

Whether your goals are financial, operational, or security, accurate data is the foundation of all subsequent actions. If IT is expected to uphold an effective Governance, Risk, and Compliance (GRC) framework, then IT needs the right tools to discover, rationalize, and secure cloud applications. 

That’s why Torii’s SaaS Management Platform is designed to give IT the features, tools, and insights to take on your company’s GRC initiative. 

5 Features to Improve GRC

In Torii, these five features will improve IT’s ability to work alongside their security and compliance teams. 

  1. Block access to data for 3rd party apps
  2. Application compliance certification
  3. All actions audit log
  4. AI-powered app discovery and mapping
  5. App risk levels

Block Access to Data for 3rd Party Apps

What is it?

“Keep out.”

You can put a sign on a door but can’t put it on the sign-up form for a closed app. Fortunately, with this feature, your data will remain safe from risky applications—even if employees signs up. 

Torii now blocks third-party applications from accessing data. This enhancement revokes employee permissions for unsanctioned apps linked through Google, resulting in better security and control over sensitive data.

How Does It Work?

When a user grants access to their data via Google Workspace, a token is created for the app. Torii receives updates for these tokens and revokes them by calling Google’s API. This fully-automated process is like manually removing an app via the Google interface but is managed directly through Torii. So IT can uphold security policies automatically.

Rather than playing whack-a-mole with risky apps, IT can implement permanent security fixes that: 

  • Simplifies the process of managing third-party app permissions
  • Prevents unsanctioned apps from accessing sensitive data
  • Strengthens control over shadow IT
  • Addresses key security concerns
  • Boosts IT’s ability to manage and secure the organizational data environment

This feature improves IT’s control over shadow IT and enhances organizational security by preventing unsanctioned apps from accessing sensitive data.

Application Compliance Certification

What is it?

Torii now displays which apps have crucial certifications like GDPR, SOC-2, and ISO 27001. Clicking on the certifications will take you to the application’s website page, where the vendor lists their certifications. This provides centralized insights for IT professionals to contribute to GRC (Governance, Risk, and Compliance) efforts.

Additionally, that compliance data can become a trigger or a branching option within a Torii workflow, allowing IT to automate aspects of security notices and reviews. 

Why it Matters

This feature aims to improve collaboration and alignment so that IT can help monitor risky apps without adding busy work. 

  • Centralized Insights: Access compliance certifications for your apps to support GRC efforts.
  • Quick Identification: Spot and manage non-compliant apps, switching to more secure alternatives as needed.
  • Automatic Alerts: Receive notifications when Torii detects an unapproved or non-compliant app.
  • Compliance-Based Workflows: Trigger automated workflows based on an app’s compliance status, enhancing your IT management efficiency.

All Actions Audit Log

What is it?

Every action, all in one place. 

The all-actions audit log is a comprehensive, filterable, and exportable audit log to aid GRC. With this log, IT can see every action taken in Torii. IT can also reference the audit log when troubleshooting workflow errors to get answers fast. 

Why IT Cares

  • Detailed Centralized Records: Shows all action types, triggers, statuses, application names, and more, providing a complete overview.
  • Advanced Filters: Allows filtering by action type, user, application, and workflow details for precise troubleshooting.
  • Easy for Auditing: Answer audit questions to meet compliance requirements.

AI-Powered App Discovery and Mapping

What is it?

Before you can take any action, you need to get visibility. 

Torii’s AI-powered app discovery maps every app in your ecosystem—including the unsanctioned apps. By using multiple discovery methods, we find over 600 apps in the average organization, most of which are shadow IT apps. You can also discover desktop apps via an agent-less integration with your MDM (such as Jamf, Intune, or Kandji, ensuring no app goes unmanaged.

How it works

  • Multiple Sources: IDP, SSO, Direct Integrations, MDM, expenses, and even an option browser extension—Torii pulls all that data to sift through the noise and surface your apps.
  • AI Sorting: View and adjust the matching algorithm so that you only see the apps that are relevant to you.
  • Set-up Notifications: Mitigate risks with alerts whenever a new app is added to your organization.
  • Automatically Send Questionnaires: Save time with a workflow that sends a questionnaire to the user whenever a new app is used.
  • Support Your GRC Efforts: Maintain transparency and control over your SaaS environment to contribute to governance, risk, and compliance.

Application Risk Levels

What is it?

Torii now displays OAuth risk levels for applications discovered through OAuth, assessing them based on the scopes users have granted. These risk levels provide insights into the potential security risks associated with each application. 

Additionally, these risk levels can serve as triggers for workflows and alerts within Torii so that IT can build automated security or governance processes based on the risk levels and compliance data for different apps. 

Why IT Cares

  • Detailed Risk Assessment: see which apps have read/write permissions for data
    • High: Apps with modify access
    • Medium: Apps with read-only access to sensitive data
    • Low: Apps with read-only access to non-sensitive data
  • Informed Decision-Making:
    • Understand and manage application risks more effectively.
  • Support for GRC Efforts:
    • Centralized insights contribute to Governance, Risk, and Compliance management.

Empowering IT for GRC

Effective collaboration between IT and Security teams is essential, yet often lacking. With the average organization adding 12 new, often unsanctioned, apps monthly, the need for robust Governance, Risk, and Compliance (GRC) frameworks has never been greater. Torii addresses this need by providing comprehensive tools that enhance visibility and control over SaaS environments. From blocking risky third-party app access to offering detailed application risk assessments, Torii empowers IT to manage and secure its digital landscape proactively, fostering better collaboration and stronger compliance efforts.