Steven Tamm
Managing security across multiple SaaS cloud deployments is becoming more challenging as the number of zero-day and ransomware attacks continues to rise. In fact, recent research reveals that a staggering 76% of organizations fell victim to a ransomware attack in the past year.
It’s no secret that protecting data is hard, and with the rise of cloud technologies, it’s becoming harder. But when it comes to cloud SaaS application risk, what does that look like? And what actionable steps can teams and IT pros take to help mitigate those risks at their organization? In this article, I’m going to explore those questions and provide some insights.
Navigating the maze of SaaS challenges
Modern organizations encounter a variety of SaaS challenges, including the absence of configuration standards, multiple APIs, and user interfaces (UIs) with varying access levels and potential data leaks across interconnected systems. Securing structured data in CRM applications, communication data in messaging platforms, and unstructured data from file providers is already difficult.
However, when these systems are sourced from different vendors, it becomes even more challenging to detect and prevent attacks in a timely manner. The interconnected nature of these systems makes tracking data provenance difficult and facilitates broad spread of malware and ransomware.
This challenge is further exacerbated when organizations extend their systems to include external users. With expanding footprints, the inadvertent leakage or destruction of sensitive data becomes a significant concern. Popular platforms like Salesforce Communities, Slack Connect, Microsoft Teams, Microsoft 365, and Google Drive create a complex web of identity, permissions, and integration controls.
Unfortunately, most endpoint management tools on the market were designed for a pre-cloud, pre-bring-your-own-device (BYOD) era, making them inadequate for managing the modern SaaS landscape. So how do you take control?
Taking control with new solutions
When managing risk in the cloud, it’s crucial to select IT and security solutions that truly address the intricacies of the deployed SaaS applications and were born 100% in the cloud without any legacy on-premises components. The good news is that vendors are developing innovative solutions to help IT and security teams do this. But it’s essential to explore the options and consider the following:
First, do they go beyond basic factors such as OAuth scopes, login IP addresses, and high-level scores, and instead delve deeper into data usage patterns and even examine the code of all integrations?
Second, many major SaaS vendors provide event monitoring, antivirus protection, and basic data leak prevention as check boxes. But these features often fall short when it comes to preventing and remediating data attacks because of miscalibrated thresholds in alert systems and logs that are not tuned for specific organizations. That results in alert overload and fatigue. It’s important to understand how a solution improves risk scoring and alert prioritization.
Waiting for manual intervention means that by the time action is taken, the data is already encrypted, sensitive personally identifiable information (PII) is inadvertently placed in the wrong folder, or a rogue Google Chrome extension has already been installed, compromising valuable client lists.
To overcome these challenges, automation and detection have become a crucial piece of the puzzle, and you should be asking about these capabilities. It’s vital to leverage solutions that provide comprehensive coverage across SaaS platforms, integrating data loss prevention, posture management, and automatic detection and response to security threats into a cohesive security strategy.
Unforeseen security challenges
During my time at Salesforce, I observed numerous security incidents arising from misconfigurations or malicious activity. Among these incidents, the most challenging ones to identify were those occurring outside the control of customers. Salesforce introduced various APIs to core systems, such as portals and community access, which could inadvertently leak data even without configuration changes, because the customer didn’t realize the implication of enabling new functionality.
The inclusion of mobile applications or unrelated AppExchange applications had the potential to trigger severe security breaches. A false sense of security emerged from the mistaken belief that data would remain concealed simply because it was not visible in the user interface.
Furthermore, the interconnectivity between SaaS products via integrations exacerbated the situation, making it difficult to monitor data movement and manage multiple permission systems. External systems, particularly data warehouses, often lacked the same level of row-level security provided by CRM vendors.
Addressing these types of issues requires a comprehensive approach to security that includes strengthening configuration management and prioritizing API security. This can be achieved by establishing rigorous processes for configuration management, including regular security assessments and audits. It’s also crucial to develop and enforce secure configuration guidelines that leverage automation for verification to minimize human errors.
Furthermore, API security should be given high priority by implementing robust access controls, authentication mechanisms, and encryption for APIs. The use of API gateways or security proxies can help monitor and manage API traffic, enforce policies, and detect any anomalous behavior. Regular assessments of APIs should be conducted to proactively identify vulnerabilities and address any misconfigurations.
Addressing phishing attacks and remediating ransomware
In addition to the aforementioned challenges, users today face an increasing number of smishing and phishing attacks that closely resemble legitimate requests, making them harder to identify compared to traditional email spam.
Effectively remediating ransomware attacks can be arduous, emphasizing the importance of selecting vendors with rapid detection and blocking capabilities. This puts a premium on solutions that employ advanced algorithms capable of analyzing behavior rather than relying solely on signatures. Additionally, it’s important to ensure that the service level agreements (SLAs) are sufficiently short, so teams do not have to plead with the cloud provider to increase throughput or timeouts while recovering from out-of-date backups.
The importance of a holistic approach
While the emergence of SaaS security posture management (SSPM) platforms is a positive development, it’s important to acknowledge that relying solely on SSPM is insufficient to combat modern security threats in the SaaS environment. Continuous monitoring and algorithmic analysis undoubtedly form crucial components of a comprehensive security strategy, but they must be complemented by other measures to ensure comprehensive protection.
Consider adopting a comprehensive and interconnected ecosystem of robust solutions that work harmoniously to provide a unified defense against the diverse range of threats faced. This can include an all-in-one platform that integrates SSPM with other essential components such as SaaS data loss prevention (DLP) and SaaS ransomware protection. By embracing such a holistic approach, businesses can safeguard their data and operations from the increasing risks posed by cyberattacks.
Navigating the evolving threat landscape to ensure the highest level of protection in the multi-SaaS cloud environment doesn’t have to be difficult, especially if you adopt a proactive stance and implement comprehensive security measures. Remember, SaaS data protection is 100% your responsibility. SaaS vendors are not responsible for data that belongs to you; they are responsible for internal security, infrastructure security, and so on.
By combining administrative controls — such as policies, processes, user education, and contingency planning — with technical solutions, including automation, app inventorying, risk assessment, and policy enforcement, you can establish a robust defense against emerging threats.
Comment