Cybersecurity vendor SaaS Alerts is on a mission to empower MSPs with more monitoring capability.
If it succeeds, MSPs will gain the ability to monitor all Software-as-a-Service applications, as they do for core applications such as Microsoft 365 and Google Workspace. But this will require cooperation from SaaS application vendors, who would have to change their APIs.
SaaS Alerts hopes to jump-start the practice with its launch this week of App Wizard, which lets MSPs integrate the company’s platform with any SaaS business application that has a viable application program interface (API). Viable APIs expose interface and reference documentation that SaaS Alerts needs to correlate user account behavior within its security, orchestration, automation, and response (SOAR) platform.
This would allow MSPs to monitor and receive alerts from SaaS applications, thereby enhancing the security of customer environments, says SaaS Alerts CEO Jim Lippie. While SaaS Alerts can monitor core applications such as Microsoft 365 and Salesforce, it has not been able to do so for third-party SaaS applications.
With the introduction of App Wizard, Lippie hopes SaaS application providers will follow the example set by RMM vendors such as Kaseya, ConnectWise, Syncro, and N-able, which already provide viable APIs.
Not all vendors are on board, says Lippie, but he hopes that will change. That’s why in addition to introducing App Wizard, SaaS Alerts has launched an initiative called “I Want My SaaS Alerts.” It’s an industry-wide campaign to encourage SaaS application providers to update their APIs with security data so MSPs can start monitoring the applications. This gives MSPs the ability to track user behavior and detect security risks.
“What we are looking for is who is accessing the application, where from, what are they looking at, and what are they taking,” says Lippie. “Our position is that there are so many SaaS applications out there, so many different ways for a threat actor to expose an environment, that we need to do everything we can to look at all user behavior associated with these applications.”
SaaS applications have grown in popularity, reaching an estimated 70% of all software. Lippie says users of industry online forums for years have clamored for security logs for applications. Some vendors have refused to provide that information. “We believe that is a mistake,” says Lippie.
Value And Revenue
Without the API security information, MSPs are limited in the value they can provide to customers, Lippie says. It also limits their earning potential.
Currently, MSPs earn up to 91% gross margin by offering the SaaS Alerts service, according to the company. App Wizard creates incremental service opportunities with substantial revenue potential, Lippie says. For instance, if an MSP with 100 customers charges $200 per customer to monitor additional SaaS applications, they could boost their monthly revenue by $20,000.
Lippie believes customers will welcome the additional service if MSPs explain the value of monitoring SaaS applications—a more secure environment.
But achieving that for the entire SaaS ecosystem will only happen if SaaS providers agree to use viable APIs. That’s why the “I Want My SaaS Alerts” campaign is so important, he says. Lippie defines success for the campaign as reaching the goal of collecting signatures from 2,500 MSPs—representing an estimated 250,000 U.S. small businesses—by March 8, when the Right of Boom MSP cybersecurity event wraps up.
“Without a strong commitment from the software developer community, MSPs will continue to struggle with properly defending their customers against constantly evolving IT threats,” he says.
