The 30 Workato security checks Black Cat runs
Black Cat SSPM evaluates 30 security policies against your Workato configuration on every scan, classifies each finding by risk, and provides remediation steps. Below is the full list, grouped by category.
access control
Reduce workspace Environment Admin collaborators to five or fewer
Remove or deactivate collaborators who have been inactive for an extended period
Assign a more restrictive role to collaborators with excessive privileges
Create custom environment or project roles to enforce least-privilege access control
Remove or populate collaborator groups that have no members
Split or trim over-populated collaborator groups to limit blast radius
Define custom project-level roles to enforce least-privilege access for project collaborators
Remove or downgrade admin members who have been inactive for 60 or more days
Revoke unused API keys to reduce the number of active credentials
Assign at least one additional Environment Admin to avoid a single point of failure
api security
Configure IP allowlisting on the API Platform client to restrict access by source IP
Review and remove developer API clients that are no longer in use
Activate or remove the inactive API endpoint in Workato API Platform
Replace static auth token authentication with JWT or OAuth2 for API platform clients
Remove or provision keys for the orphaned API platform client
Replace the admin role on the developer API client with a least-privilege role
automation
Investigate and fix the recipe that is producing a high rate of job errors
Diagnose and resolve errors that caused the recipe to stop, then restart it
compliance
Review authorization scope and data access for connections to sensitive SaaS providers
Add a description to collaborator groups to document their purpose for access reviews
configuration
Remove unused recipes or upgrade the Workato plan to stay within recipe quota
Re-authorize or remove the broken SaaS connection in Workato
Review and remove SaaS connections that have not been used recently
Upgrade the Workato workspace to a paid plan to restore full security controls and SLA
Review and clean up recipes that have never been executed
Review and archive recipes that have been stopped for an extended period
Investigate connections that show as authorized but have no authorization timestamp
Split recipes with many application integrations to reduce blast radius
data protection
Review data handling and access controls for recipes connected to sensitive business applications
key management
Implement key rotation by revoking old keys after issuing new ones