• Skip to primary navigation
  • Skip to main content
site logo
  • About
    • Approach
    • Partnerships
    • Mission
    • Leadership
    • Awards
    • Arraya Cares
  • Solutions
    • Solutions

    • Hybrid Infrastructure
      • Hyperconverged
      • Infrastructure as a Service
      • Servers, Storage, and Virtualization
      • Data Protection
      • Disaster Recovery & Business Continuity
    • Apps & Data
      • AI
      • Automation
      • Customizations
      • Visualizations & Integrations
      • Migrations
    • Network
      • Enterprise Networks
      • Wireless Connectivity
      • Cloud Networking Solutions
      • IoT
    • Cybersecurity
      • Endpoint Security
      • Network Security
      • Cloud Security
      • Application Security
    • Modern Workplace
      • Microsoft Licensing
      • Productivity & Collaboration
      • Modern Endpoint Deployment & Management
      • Microsoft Compliance & Risk
      • Backup
      • Cloud
  • Services
    • Services

    • Managed Services
      • Service Desk
      • Outsourced IT
      • Managed Security
      • Managed NOC
      • Arraya Adaptive Management for Microsoft Technologies
      • ADEPT: Arraya's White Label Program
    • Advisory Services
      • Assessments
      • Strategy
      • vCTO
      • vCISO
      • Enterprise Architecture
    • Staffing
      • Infrastructure Engineering
      • Security & Compliance
      • Application & Software
    • Professional Services
      • Project Management 
      • Systems Integration 
      • Mergers & Acquisitions
      • Knowledge & Skills Transfer 
  • Industries
    • Education
    • Finance
    • Healthcare
    • Legal
    • Manufacturing
    • Software and Services
  • Insights
    • News
    • Blog
    • Events
    • Videos
    • Case studies
  • Careers
  • CSP Login
search icon
Contact Us

Don’t Get Caught in a Data Hostage Situation

By now we’ve all heard about ransomware and the massive financial implications it can have on business. While ransomware is an example of something coming in and infecting you, the converse can be a risk. With the ease of cloud accessed Software-as-a-Service (SaaS) applications, your data can be outside of IT’s control extremely easily. Two recent examples of disgruntled employees illustrate just how important IT’s management of SaaS applications can be.

Recently, a for-profit college in the Midwest was held hostage by a newly-terminated employee. For some unfathomable reason, this single employee had just enough access to bring the school to its knees by locking it out of its access to a SaaS based education application. The employee made financial and job-related demands and claimed the school caused the service lockout, not malicious actions.

Regardless of who is at fault in this instance, for the school, the primary concern was for the services impacted and the real financial implications of being offline and locked out of its cloud application.

Direct financial implications and service loss are a couple of ways for individuals to impact a company. Another way is to attack the brand over social media – using the company’s own accounts! One infamous event had an employee tweeting from the company’s account to their 63,000 followers while in the middle of mass layoffs. This person still had the ability to take this action, even during their own termination, due to the lack of IT control. Given the number of cloud-based applications most employees use on a day to day basis, it is easy to see how some could slip through the cracks in IT.

There are two main issues that need to be covered in the scenarios above. The first issue is identifying and securing access to critical applications. The second is controlling access to those applications. Despite these two different instances, you can build a cohesive solution to address both with Microsoft.

Let’s start by finding out what cloud applications are in use. An easy way is with Cloud App Discovery, a component of Azure Active Directory Premium. This tool provides a way to discover what cloud-based SaaS applications are in use on your network, who is using them, and help prioritize which applications the IT department should begin managing. This method does require an agent, but offers much more in-depth information about what your users are doing with the SaaS apps.

To take discovery to the next level and layer on control, Microsoft offers Cloud App Security. This component of Enterprise Management + Security provides the tools necessary to both discover and manage cloud-based SaaS apps. With Cloud App Security, you can first discover which SaaS apps are in use on your network without deploying any client agents. Then, using the information gathered, you can determine which apps IT should be managing access to (and which ones you may want to block altogether). Cloud App Security allows IT to create policies around how different SaaS apps are used in the enterprise, including methods for Data Loss Prevention (DLP) for these apps.

Once you know which SaaS applications are in use, you need to control access to them. Azure Active Directory also includes a Single-Sign-On (SSO) component for most popular cloud apps. Using SSO, access to third-party apps is granted or terminated in a single effort, by configuring a user’s Active Directory account. In some cases, such as the Twitter example above, the end-user doesn’t even know the password to the corporate Twitter account. Once their Active Directory account is disabled (which should have happened as soon as that person entered the room) the user can no longer access Twitter. If they are the only one responsible for the account at the company, it is a simple process to add another user to the application, and the company maintains control of their social media. The same concepts apply to the college example, as well.

If these examples or the solutions discussed hit close to home for you, or have you wondering how SaaS applications are being managed in your organization, reach out to Arraya’s Microsoft team today to discuss our Enterprise Mobility + Security Pilot, which includes Azure Active Directory Premium SSO, at mssales@arrayasolutions.com.

They can also be reached through Arraya’s social media accounts: Twitter, LinkedIn, and Facebook.

Arraya Insights
Back to Top
Arraya Solutions logo

We combine technological expertise and personal service to educate and empower our customers to solve their individual IT challenges.

518 Township Line Road
Suite 250, Blue Bell, PA 19422

p: (866) 229-6234     f: (610) 684-8655
e: info@arrayasolutions.com

  • Careers
  • Privacy Policy
  • Contact Us

© 2025 Arraya Solutions. All rights reserved.

Facebook Twitter YouTube LinkedIn
Manage Cookie Consent
We use cookies to enhance your experience. By selecting “Accept,” you agree to our cookie policy.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
View preferences
{title} {title} {title}