Skip to content

Where Does BetterCloud Fit Into Your Tech Stack?

BetterCloud

April 12, 2021

6 minute read

WhereDoesBCFit FeatureImage

When folks talk about their tech stacks, it’s easy to assume that they’re talking about programming languages. Are you a Rust shop or does your team still cling to JavaScript like your favorite hoodie from high school that everyone agrees that you should just throw away?

But as SaaS adoption continues to explode, we can also use the term “tech stack” to describe the growing collection of tools that an IT team uses to discover, manage, and secure an organization’s SaaS applications. Most folks probably recognize those tools by the acronyms that define them: IDaaS (identity as a service), IGA (identity governance and administration), CASB (cloud access security broker). You know, just to name a few.

While the threat of SaaS sprawl might lead you to believe that a typical IT tech stack resembles a teenager’s unorganized closet, the best examples are carefully planned and diagrammed. And as we’ve seen over the years, many of those examples include BetterCloud as a critical component. Let’s explore how BetterCloud fits into IT’s tech stack in further detail.

Can BetterCloud serve as our entire IT “tech stack”?

It very well could, depending on the size of your organization and its unique IT needs. But as companies grow in size and complexity, they tend to use BetterCloud alongside other tools. While BetterCloud handles some of the finer details like file permissions and admin settings, you don’t necessarily have to say farewell to your CASB or IDaaS.

Gartner recently addressed this question in its latest Market Guide for SaaS Management Platform (SMP). Here’s a direct quote from the report: “CASB tools differ from the central administrative clearinghouse role that SMPs play, front-ending the native controls of various SaaS apps. Rather than competing offerings, tools like CASBs will work in conjunction with SMPs.”

As our Chief Business Strategy Officer Shreyas Sadalgi wrote in February, that’s how most BetterCloud customers have implemented our SMP solution. And based on the countless implementations our team has seen, CASBs aren’t the only solutions that can be used in conjunction with BetterCloud.

So how does BetterCloud play nicely with an IDaaS, IGA, or a CASB? We’ll get into some (slightly) more detailed examples in this post, but I think you’ll quickly identify a few trends. Here’s a TL;DR of what we’ll unpack in upcoming sections. Personally, I don’t think you should stop here.

  • Customers use an IGA or an IDaaS to handle the initial user provisioning tasks of an onboarding process.
  • After a user gains basic access to SaaS applications, BetterCloud handles the finer details, like determining which types of files should be shared in Slack and creating custom admin roles in Google Workspace.

OK, enough context. Let’s explore some specific examples of how BetterCloud fits into your tech stack.

(A quick note before we move on. Our friends in solutions engineering urged me to let you know that these examples are specific to user lifecycle management. They’re also not a one-size-fits-all solution for all IT organizations. While I’m at it: Hi, Blair!)

Where BetterCloud fits in your tech stack

Architecture with an IDaaS

The basic mechanics of how BetterCloud fits in with an IDaaS are consistent with the TL;DR we discussed earlier in this post. An IDaaS like Okta or OneLogin provisions applications to a user via SSO and then BetterCloud handles the rest. Simple, right? Of course not.

Screen Shot 2021 04 12 at 1.39.33 PM 1536x868 1

It’s been a little while since we talked about how OneLogin and Okta both integrate with BetterCloud. This is a good opportunity to review.

OneLogin and Okta work with BetterCloud in many of the same ways. After the initial user provisioning is done via OneLogin or Okta, BetterCloud listens to them for changes to user identities.

Let’s say one user in your org has transitioned to another department. When you update that person’s profile in OneLogin or Okta, this will trigger BetterCloud to do…any number of tasks that IT would otherwise have to complete manually, such as reassigning that person to different groups in Google Workspace or changing permissions in Salesforce. When you change a user’s status to “suspended” on either platform, BetterCloud can automatically begin the offboarding process.

But wait, doesn’t Okta handle user deprovisioning? It does, but BetterCloud handles the finer details (and enables you to automate them), such as transferring files to a manager, wiping devices remotely, and waiting a set period of time before deleting the user.

Ultimately, BetterCloud is a complementary tool to an IDaaS, which is a complementary tool to an Identity Governance and Administration (IGA) solution. So many acronyms! What the heck are we talking about? Let’s take a closer look.

Architecture with an IGA

Here’s a not-so-fun exercise. Search Google for the differences between an IGA and IDaaS. If your experience is anything like mine, you might want to throw your computer out the window.

Pamela Armstead at Okta explains that identity governance and administration is a policy-based approach to identity management and access control. That makes sense, right? But it doesn’t explain how an IGA works with an IDaaS—and more importantly, how BetterCloud fits in.

Here’s another visual to help make sense of the confusion:

Screen Shot 2021 04 12 at 1.31.29 PM 1536x876 1

When we use the acronym IGA to describe a solution, we’re referring to a separate product that determines whether a user can have access to an application based on the policies put in place by your organization. Once the IGA gives a user the green light, the IDaaS creates the licenses that the person needs. Then, BetterCloud handles the granular actions like sharing files and folders, applying the appropriate settings to an account, and putting a user in the correct groups and channels.

OK, but what about my CASB, IPaaS, and SIEM?

Trust us, we didn’t forget about these. And we’re definitely not saying that you should ditch your CASB, IPaaS, or SIEM. After all, Gartner recommends that IT organizations should use a combination of solutions to discover, manage, and secure a cloud-based environment.

But what we are saying is that connecting these tools with BetterCloud requires you to answer some really specific questions about your IT environment.

OK, here’s just one example of how an IPaaS might work with an HRIS, IDaaS, and BetterCloud.

Screen Shot 2021 04 12 at 1.33.29 PM

In this concept, the organization’s HRIS syncs to Okta, which triggers BetterCloud to perform all the magic we’ve discussed several times in previous sections. Once BetterCloud has completed the advanced actions, it syncs back to Okta, which then syncs with the IPaaS, and finally back to the HRIS. Phew.

This begs one crucial question: Why would an IT organization want to go through all of this trouble? According to our IT folks, this setup tends to be necessary for organizations that use legacy systems. Many of those legacy systems don’t work seamlessly with newer tools like BetterCloud—and in these instances, an IPaaS connects all of your systems together.

One of the major appeals of an IPaaS is that they enable you to sync data from a variety of sources. But this also means that an IPaaS can live anywhere in an IT architecture. If you’d like to connect your IPaaS directly to BetterCloud, be our guest. If you’d like to connect your IPaaS to something else, we can help you figure that out.

The same can be said for how BetterCloud fits in with a CASB or a SIEM. The short answer to the question we posed in the title of this blog post? It depends on how you want to use those tools together. We probably don’t need to tell you that your IT environment is unique—and so too are the potential ways that you might use BetterCloud with your existing tech stack.

Customers often use a CASB with BetterCloud for on-device or on-endpoint proxy protection. While the majority of CASBs have some Cloud DLP functionality, they’re typically not as granular in remediation as ours.

The on-endpoint proxy protection that a CASB offers enables IT to automate a variety of tasks, including:

  • Track if a user shares a file via email or USB drive
  • Scan files on a device
  • Scan the entire network to see if files are moving where they shouldn’t
  • Block unwanted traffic

On the other hand, a SIEM is useful for dashboarding and data storage. For example, IT might use a SIEM to have all of its syslogs from all of its SaaS applications load into a single dashboard. An administrator can then weight that dashboard with data from BetterCloud to limit alert fatigue.

Final thoughts

I’d be remiss if I left you without two important reminders. First, even though there are slightly more consistent ways that BetterCloud works with an IGA or an IDaaS, all of the examples we discussed in this post are not one-size-fits-all solutions. And even more importantly, we’ve only touched on user lifecycle management examples. When you start digging into other IT priorities like file security and insider threats, those cases are even more specific to your organization’s needs.

Want to learn more about how BetterCloud works with your existing tooling and fits into your tech stack? Schedule a demo.