SaaS Secure Configuration Review
A review of a business SaaS platform against best practice, covering authentication, sharing controls, and logging.
What is a SaaS secure configuration review?
Most businesses run critical operations on third-party SaaS platforms, from CRMs and HR systems to finance and support tools. Each one has its own security settings, and a misconfiguration can expose customer data or hand an attacker an easy way in. This review assesses a SaaS platform against security best practice and identifies the specific settings that need to change.
What we review
- Authentication and access: single sign-on (SSO/SAML), provisioning (SCIM), user roles, and how privileged access is granted.
- Collaboration and sharing: public links, guest access, and domain restrictions that control who can see and share data.
- Logging and monitoring: audit logs and alerting integrations, so activity is recorded and unusual behaviour can be noticed.
The exact checks are tailored to the platform, since each SaaS product exposes a different set of security controls.
Who needs a SaaS secure configuration review?
Organisations that hold sensitive data in a SaaS platform, are onboarding a new one, or need to demonstrate that a key system is configured securely for compliance or insurance.
What the process looks like
We scope the platform and the access required, usually a read-only administrative view. The review identifies the gaps against best practice and gives you specific, prioritised changes to make, with a follow-up review available once they are in place.