BetterCloud Intro & Product Demo

Updated on

BetterCloud Intro & Product Demo

BetterCloud is an OEM partner that provides VMW access to SaaS applications. This partnership expands on our initiatives as company to build and sell products that allow IT teams to be successful in the Anywhere Workplace and move towards a Zero Trust model with employee experience in top of mind. This partnership allows for us to now manage the distributed edge with complete visibility into apps, device, and network making this partnership the most comprehensive employee automation solution across the industry.

The importance of SaaS

Employees have continued to adopt SaaS applications at a record pace. The average company has ~650 applications with larger enterprises averaging ~1,400 applications. The move to cloud applications increases productivity and collaboration across the business, but creates new challenges for IT teams. IT needs tools that allow them to scale with their end users, while ensuring their security initiatives continue to be a top priority. The BetterCloud platform allows teams to discover, manage, and secure their cloud applications.

Workspace ONE and BetterCloud

The Workspace ONE platform and BetterCloud partnership provide an unmatched set of tools for the Anywhere Workplace and Zero Trust initiatives. By automating actions across the Cloud Apps, Device, Network, and WS1 Services IT can focus less on mundane tasks and more on strategic initiatives.

Discover, Manage, and Secure

BetterCloud is defining the SMP space by creating a single solution that allows IT to Centralize the administration of the SaaS apps in your environment with purpose-built automation that increases IT efficiency and reduces security risk Management, while protecting employees and securing sensitive data.

  • Manage, which allows you to perform User Lifecycle Management (onboarding, offboarding, and mid-lifecycle), ensuring your user's data is correct across all integrated platforms.
  • Secure, which helps enforce your DLP and security policies. This is done through both retroactive and proactive remediation techniques such as preventing improper file shares and content scanning.
  • Discover, which provides insight into how your users are signing into applications using their professional, organizational credentials.

Let’s take a closer look at how to demo the value of each of these product areas.


Navigate to Applications -

SaaS applications provides you with completely visibility into your SaaS environment.

  • Quickly identify applications that are newly discovered and your team is reviewing -
    • New Apps
    • Apps in Review
    • Total Applications
  • Once your IT team has completed the assessment apps are classified based on your review -
    • Sanctioned
    • Unsanctioned
    • In Review
  • Date of App Discovery lets users know when the app was initially discovered by BetterCloud.
  • Showcase how apps are discovered and quickly see how many users have a license -
    • BC - BetterCloud (added manually by an admin)
    • SSO
    • OAUTH
  • Showcase App Permissions
    • Filter Column > Select Permissions

Search or navigate to Microsoft in the grid and click on the App Name to get more details.

Application Details

  • Quickly identify application owner
  • How app was discovered
  • Identify redundant apps in Similar Apps Discovered
    • By consolidating and moving users to sanctioned App you can take advantage of bulk discounts. Categories with the most overlap will be collaboration, project management, and E-learning tools.
  • From similar Apps discovered using the Actions button you can quick OAUTH App for all users
    • Access Workflows to off-board users from redundant applications

User Details

  • Quickly identify all users of application
  • The discover date allows you to quickly see when a User was added to the applications.
  • Use the Last SSO login date

OAuth Apps (this is not currently available in our demo account)

  • View Permissions granted to third party apps
  • Take action against unwanted applications that could be a security risk.

Navigate to Workflows then Manage to view a list of all the Workflows. Then the down carrot for the Onboarding Engineering | Okta workflow and select Edit Workflow

Showcase the When, If, and Then options based -

  • This onboarding flow provides sequential steps for a new user to all their SaaS apps based on their group and role within an organization -
    • User is added to Identify tool of choice.
    • Provisioned to primary applications.
    • Added to the proper teams or groups within an App.
    • Granted access to Day 1 Assets (Files, Folders, Slack Channels, etc.)

Navigate to “Directory” and “Users” to get a comprehensive picture of all SaaS users across your cloud environment -

  • Move to directory user grid
  • Explain how you can view all the users across the various SaaS apps in a single place
  • Ability to filter and group by integration / collapse
  • Filter by integration to a single (Office365)
  • Ability to perform an action on a single user or group of users (showcase filters to further narrow down)
  • Select a single user and review 360 user view
  • Showcase the various apps the user account exists for, apps, memberships, files and settings and the ability to take actions on the various tabs
  • Showcase groups grid with similar options as above for users

Navigate to Files -

  • The Browse tab allows you to gain visibility and control on file exposures and permissions.
  • Filter the view down to what is most relevant to the customer (Dropbox or Office365)
    • Group by Integration
    • Select an object and demonstrate how you can take an ACTION

Filter on the File Permission column in the grid -

  • Showcase the ability to surface permissions - documents available via a link which could show up on a search engine
  • Quickly determine if documents are shared with a competitor's domain
  • Filter the shared with to include gmail.com and {competitor.com}

Additional Talking Points

  • Excessive Permissions
  • Uncontrolled Sharing
  • Showcase ACTIONS by selecting an object and revoking the sharing.
    • Filter to integration = “Slack” and Permission = “Public - Accessible via Link”

Navigate to “Scan” under the Files tab -

Showcase content scanning for public, external, and internal

  • Scan for sensitive data to audit and avoid exposure
  • Scan by integration, File owner or shared with
  • Use Pre-defined Data to scan for
    • General PII - SSN, Driver license
    • Financial Data - Credit Card, Bank Account numbers
    • Scan by Region - GDPR
  • Use Regular Expressions or Keywords

Navigate to "Alerts” and click manage to view all the Alerts available -

  • Showcase various alerts
  • 3 Alert Classification
    • Template
    • Custom
    • System
  • Be proactive with custom alerts. To empower an immediate response to potential threat, align your policy with alerts then include triggered alerts in a workflow.

BetterCloud connectors integrate into 70+ Integrations allowing IT to manage user access and enforce applications policies.

  • Full Integrations ingest metadata about users, groups, files, and organizational units, allowing you to trigger Alerts and Workflows.
  • Actions-Only Integrations do not ingest metadata and cannot naively trigger Alerts and Workflows, but you are still able to perform actions via the actions button and add actions to the THEN section of Workflows.
Role Based Access

Navigate to "Privileges” and click manage to view all of the Roles across your team -

Showcase roles and privileges for App Admins. This demonstrates the ability to invite different admins to BetterCloud to automate their application, but not grant more permission than necessary (least privilege access for groups and app admins)

  • Assign specific privileges to different groups
    • Offload certain administrative duties to Tier 1 help desk (password resets)
      • Grant limited privileges
    • Free up your administrator’s time to focus on higher priority tasks

Click into the Microsoft Admins Role -

  • Assign specific privileges
  • Example:
    • Offload certain administrative duties to Tier 1 help desk (password resets)
      • Grant limited privileges
    • Free up your administrator's time to focus on higher priorities
    • Give users what they need and not the keys to kingdom
  • Most SaaS apps are all or none - no granularity on privileges
Previous Article DWPG Notes for VMware Employees
Next Article Experience Workspace ONE on Android