The average SMB uses more than 54 SaaS products, often leading to SaaS chaos and security exposure. While SaaS can help you get your job done more efficiently, it can also introduce security concerns if not properly locked down. At Blissfully we help hundreds of companies manage this SaaS chaos, and we’ve prepared a simple, practical, and effective guide to improve your organization’s SaaS security.

1. People-First
SaaS Security
A Prac'cal Guide to
h"ps://www.blissfully.com/prac4cal-guide-to-saas-security/

2. Why You Need Be8er
SaaS Security
2

3. h"ps://www.blissfully.com/prac4cal-guide-to-saas-security/ 3
The average SMB
uses 54+ SaaS
products
34 free
20+ paid

4. h"ps://www.blissfully.com/prac4cal-guide-to-saas-security/ 4
Who’s using what programs, when, where, and how
That your security controls make it difficult or impossible
for unauthorized users to access your data and systems
As a business, you need to know:

5. h"ps://www.blissfully.com/prac4cal-guide-to-saas-security/ 5
Ad hoc or absent security
policies can open your
business up to a whole
world of vulnerabili4es
Arcane or overly strict
security prac4ces aren’t
user-friendly so they’re
oMen skirted by employees
Where do you fall on the SaaS security spectrum?

6. h"ps://www.blissfully.com/prac4cal-guide-to-saas-security/ 6
Where do you fall on the SaaS security spectrum?
BAD
PW: 1234
GoodOK
2FA
Best - SMB
No System Personal PW Manager Team PW + Google SSO Google SSO
Likely weak, re-used passwords
No visibility
Unsecure team sharing
Single access with a strong password + 2fa
Google SSO for Team Password manager
Easy and secure team sharing
2FA
Best - Enterprise
Okta SSO
Single access with a strong password + 2fa
Okta for SAML and other access
Centrally managed app access from IT
Likely stronger passwords
No team management or visibility
Can’t enforce password standards
Google SSO with 2fa is secure and easy
Secure password sharing for teams
Team password manager complex to set up
Users still need 2 passwords
SAML

7. h"ps://www.blissfully.com/prac4cal-guide-to-saas-security/ 7
Security starts with people
Build your security policies and
procedures around people
Your weakest
security link
Your best line
of defense
OR

8. h"ps://www.blissfully.com/prac4cal-guide-to-saas-security/ 8
Security starts with people

9. h"ps://www.blissfully.com/prac4cal-guide-to-saas-security/ 9
Security policies are only as good as their implementa4on
Focus on “people-first security”—the guiding principle for
all recommenda4ons in this guide
Consider security efficacy

10. h"ps://www.blissfully.com/prac4cal-guide-to-saas-security/ 10
Small to mid-sized
businesses will find this
guide’s recommenda4ons
most relevant
Some content is specific to
users of G Suite, the
backend powering millions
of modern companies
worldwide
Who this guide is for
SMBs

11. THE FOUNDATION:
Configuring G Suite
for Security
11

12. h"ps://www.blissfully.com/prac4cal-guide-to-saas-security/ 12
MulN-factor authenNcaNon
Enable and enforce
mul4-factor
authen4ca4on (MFA)
on all products that
support it

13. h"ps://www.blissfully.com/prac4cal-guide-to-saas-security/ 13
MulN-factor authenNcaNon
HOW TO: Enforce MFA Across Your Organiza8on
1
Set up two-step
verifica4on for your
en4re domain.
2
Turn on 2-Step
Verifica4on
Enforcement for your
en4re domain
3
Create a work-around
for new employees
and contractors:
For new employees, you can create
a “wai4ng period” by going to Under
Security → Advanced Security
Sebngs under 2-Step Verifica4on,
you can set an enrollment period
aMer a new account is created.
For contractors, you’ll need to
create an “Excep4on Group.” This
requires quite a few steps, but it will
allow members of that group to
login without two-step verifica4on.
4
Google’s default
second factor is the
Google app on mobile
devices, which is a
very user-friendly
authen4ca4on step.
A no4fica4on simply pops up on the
smartphone to ask whether the user
is approving this sign in. This is
recommended over the more
tradi4onal SMS-based second
factor, because it is both simpler
and more secure.

14. h"ps://www.blissfully.com/prac4cal-guide-to-saas-security/ 14
Chrome sePngs
Turn on Chrome
management to set account-
level policies for use across
Chrome devices, Android
devices, and the Chrome
browser
Policies can include enrollment controls, apps and extensions
allowed or required, Chrome web store permissions, Android
applica4ons, and a wide range of other security controls.

15. h"ps://www.blissfully.com/prac4cal-guide-to-saas-security/ 15
Team Drives
Use Team Drives to store files
and easily manage ownership
and access permissions for
individual team members
Contact sales@blissfully.com for informa4on on exclusive
discounted access to Team Drives.

16. SaaS Security
Monitoring
16

17. h"ps://www.blissfully.com/prac4cal-guide-to-saas-security/ 17
It’s difficult enough to manage the security of your
sanc4oned SaaS apps, so how can you ac4vely monitor
usage of unsanc4oned apps across your company?
Shadow IT is increasingly common

18. h"ps://www.blissfully.com/prac4cal-guide-to-saas-security/ 18
Blissfully SaaS security monitoring

19. h"ps://www.blissfully.com/prac4cal-guide-to-saas-security/ 19
Blissfully SaaS security monitoring
Access an always up-to-
date list of SaaS products
—including “shadow” and
unsanc4oned apps—in
use across your company
Audit user and app
permissions, consolidate
licenses, and gain
unprecedented visibility
into your SaaS stack

20. SaaS Access
Management
20

21. h"ps://www.blissfully.com/prac4cal-guide-to-saas-security/ 21
63%
of data breaches leverage
weak, default, or stolen
passwords
SOURCE: 2016 Verizon DBR
Tight password and access controls can help
your company avoid becoming the next
vic4m

22. h"ps://www.blissfully.com/prac4cal-guide-to-saas-security/ 22
Team password management
Use TeamsID, linked with
Google’s SSO, for strong
team password
management across
plalorms
Bonus: Get 10% off when you sign up for TeamsID using the
promo code blissfully

23. h"ps://www.blissfully.com/prac4cal-guide-to-saas-security/ 23
Team password management
LastPass is a very solid
TeamsID alterna4ve, but
lacks Google SSO support
and comes with some
configura4on challenges
Using either TeamsID or LastPass is far be"er than allowing users to reuse
passwords (opening your company up to large-scale creden4al a"acks)

24. h"ps://www.blissfully.com/prac4cal-guide-to-saas-security/ 24
IdenNty access management
200+
employees?
Time to deploy a unified
Iden4ty Access Management
(IAM) solu4on
IAM offerings give you custom
configura4ons and deep
integra4ons to streamline the
end user’s access experience

25. h"ps://www.blissfully.com/prac4cal-guide-to-saas-security/ 25
IdenNty access management
Deploy Okta to enable single
sign-on that results in 50%
faster app sign in and half as
many IT help desk requests
RECOMMENDED ALTERNATIVES

26. PuPng Your Stack
Together
26

27. h"ps://www.blissfully.com/prac4cal-guide-to-saas-security/ 27
Recommended SaaS security stack

28. About Blissfully
28

29. h"ps://www.blissfully.com/prac4cal-guide-to-saas-security/
Blissfully helps hundreds of companies effortlessly
manage their SaaS vendors, across thousands of
subscrip4ons and millions of monthly spend. Once
installed, Blissfully displays both historical and up-to-
the minute accurate representa4ons of what SaaS
products an organiza4on relies upon, sends data to,
and pays for.
We founded Blissfully because SaaS adop4on is
exploding: small-to-medium sized businesses, on
average, implement over 20 paid subscrip4ons. And
that number has doubled annually for the past two
years alone. This trend makes visibility, on-boarding,
security, and management of SaaS products
increasingly overwhelming for business operators &
leaders. We exist to help.
29
Sign Up for Free

30. h"ps://www.blissfully.com/prac4cal-guide-to-saas-security/ 30
But wait, there’s more
For deeper insights and even
more useful context, download
this complete guide at
h"ps://www.blissfully.com/prac4cal-guide-to-saas-security/