Monitoring and Reporting of approved Online Services & SAAS
O
Oyster Opossum
With Essential 8 there is a need to monitor for Online-Services which in scope would be SAAS Applications used in an environment, would love to see a feature where detecting potentially accessed SAAS apps via some form of network monitoring can occur or manually adding SAAS apps to a company to monitor health status, for example:
- End of life or End of Support status
- Health example Online/Offline/Unhealthy
- Compliance checks (does the platform have any trust center that details if they are SOC/ISO27001 compliant for example and still are compliant?)
- Monitor vendor risk for example known compromise where potentially the company may need to be aware of data leakage or password leakage risks.
Service example like:
- M365, Google & Amazon
- Varonis
- Employment Hero & Job Adder
- Cloudflare
- Verisign
- Bluebeam
- LastPass
- Keeper
- Xero