
SaaS Alerts App Wizard Helps MSPs Protect Clients from Third-Party Risk


SaaS Alerts has introduced a major update to its cybersecurity offerings that can monitor managed services clients for third-party risk. The company already offers automated software as a service (SaaS) security designed to detect and stop unauthorized activity in core customer SaaS applications such as Microsoft 365 and Google Workspace, among others. Now SaaS Alerts is extending those capabilities beyond the core set of applications that it previously protected to any SaaS business application with a viable application programming interface (API).

The new capability is called App Wizard, and it allows managed service providers (MSPs) to request integration for any of their third-party applications so that SaaS Alerts can monitor those applications and ensure their security.

That’s a huge advance at a time when so many companies are concerned about mitigating third-party risk.

MSPs Protecting Clients from Third-Party Risk

SaaS Alerts CEO Jim Lippie told ChannelE2E that MSPs can request such integration for any customer business software. SaaS Alerts will then determine if that software has a viable API. If it does, SaaS Alerts will be able to enable monitoring of that software within 72 hours for the entire SaaS Alerts community of MSPs.

Lippie believes this is a massive opportunity for MSPs because it enables them to protect their clients’ third-party software. For instance, if there’s a platform specific to law firm vertical markets or dental firm vertical markets, those platforms can gain SaaS Alerts cybersecurity monitoring if they have a viable API.

“This is a massive opportunity for MSPs as more software shifts from on-premises to the cloud,” Lippie said. “This is the next frontier.”

Viable API Definition

What does a viable API mean in this case? Lippie said that there are a lot of APIs that are comprehensive and well put together but that are not viable for security monitoring purposes. In this case, viable APIs are ones that provide security log data, and this technology will only work with those APIs.

In an age when third-party risk is top of mind for so many businesses, the pressure is on for cloud software vendors to provide APIs that fit this profile.

Industry Petition and Campaign

The pressure is starting with a campaign from SaaS Alerts itself. Lippie said the company is launching an “I want my SaaS Alerts” campaign to encourage the software community to start including security log data in their APIs.

A petition was launched on December 4, and SaaS Alerts is hoping to collect signatures of 2,500 MSPs, representing an estimated 250,000 small businesses. MSPs who would like to support this effort are encouraged to sign the “I want my SaaS Alerts” petition.

SaaS Alerts hopes to collect enough signatures by March 8, the date of the Right of Boom cybersecurity event for MSSPs and MSPs, and then present the petition to some of the world’s leading software companies.

For instance, Intuit’s QuickBooks Online is the top application requested for integration with SaaS Alerts, but Intuit does not offer an API that provides security log data, Lippie said. The platform API does not collect data about who is logging in, where they are logging in from, what they are looking at, and what they are taking.

“Those are the four most important things when we are looking at the security behavior associated with an application,” Lippie said.

“We want the help of the entire MSP community to help us bring awareness to this issue,” Lippie said. “There’s a lot of really great applications out there that don’t have the security log data available in them.”

API Standards

Lippie said that there’s no API standard out there today that applies to providing security log data in the actual API. But many software companies, particularly big ones, provide security log data already in their APIs. Those include Microsoft 365, Google Workspace, Salesforce, Dropbox, and Slack.

Early on, Lippie said, SaaS Alerts decided it wanted to monitor security log data in the top platform category used by every MSP out there: remote monitoring and management (RMM) software.

“But when we looked at the APIs of some of those applications, the information wasn’t there for us,” Lippie said. To remedy the situation, SaaS Alerts worked with the major players including ConnectWise, Kaseya, and N-able. They also worked with Syncro and Ninja.

“Now we have all that information available to us so that we can monitor those applications on behalf of the community,” Lippie said. “Our hope is that by creating awareness around this issue, we can influence other leading software companies to incorporate this information so we make the entire industry and community stronger.”

Jessica C. Davis

Jessica C. Davis is Editorial Director of CyberRisk Alliance’s channel brands — MSSP Alert and ChannelE2E. She also oversees content and programming for the MSSP Alert Live event. She has spent a career as a journalist covering the business of technology including chips, software, the cloud, AI, and cybersecurity. She previously served as Editor in Chief of Channel Insider and later of MSP Mentor where she was one of the first editors to oversee the creation and vision of the MSP 501 list.