Typically, when threat actors look to infiltrate an organization's SaaS apps, they look to SaaS app misconfigurations as a means of entry. However, employees now use their personal devices, such as phones and laptops, to get their jobs done. If a device's hygiene is not up to par, it increases the risk for the organization and widens the attack surface for bad actors. And so, Endpoint (Device) Protection, through EDR, XDR, and vulnerability management solutions, has arisen as a critical factor in SaaS Security.
The challenge in remediating the threats posed by endpoints and devices lies in the ability to correlate SaaS app users, their roles, and their permissions with their associated devices' compliance and integrity levels. This end-to-end approach is what's needed for the organization to implement a holistic, zero-trust approach for their SaaS Security.
This is no simple feat. However, automated SaaS Security Posture Management solutions, like Adaptive Shield, can now provide visibility that correlates the SaaS user and their associated devices with the device's hygiene score.
How do you classify high-risk devices in the context of SaaS security?
High-risk devices are those owned or used by users with high levels of permission to the company's core SaaS apps. For example, someone who has high levels of access to the company's CRM can present a high risk to the company if their device is vulnerable, and this needs to be remediated immediately. These high-risk devices serve as a critical threat vector to an organization's SaaS environment.
Security teams should continuously map devices to their users and their associated permissions to get a handle on which devices/users pose the highest risk.
Correlate Between User, App, and Device
As mentioned, the more privileged the user, the higher the risk associated with their device. To gain deep observability into the user, app and device posture, security teams need to check the hygiene of their users' devices, for example, whether OS configurations are up to date and whether any vulnerabilities are present. With that assessment and score in hand, security teams can map and monitor the user's SaaS app access (in addition to, of course, securing the SaaS apps themselves).
Once these cross-references are in place and accessible, organizations can enable "soft" enforcement enhancements through policies and organizational best practices. This way, security teams can monitor risks and threats without severely limiting the user.
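The user, app and device correlation described in this section, as an added example that is not from the original article or from any vendor product. It joins SaaS role records to an MDM device inventory and ranks devices by owner privilege and device hygiene. The sample records, the privilege weights, the core-app list, the 0-100 hygiene scale and the review threshold are all assumptions made for illustration.

```python
# Added example. All records, weights and thresholds are constructed assumptions.
SAAS_ROLES = [  # (user, app, privilege) as exported from the SaaS apps
    ("alice", "crm", "admin"),
    ("alice", "chat", "member"),
    ("bob", "crm", "member"),
    ("carol", "hr", "admin"),
]
DEVICES = [  # (device_id, owner, hygiene 0-100, higher is healthier) from MDM
    ("lt-001", "alice", 35),
    ("ph-002", "alice", 90),
    ("lt-003", "bob", 40),
    ("lt-004", "carol", 95),
    ("lt-005", "dave", 20),  # owner has no SaaS role on record
]
PRIVILEGE_WEIGHT = {"member": 1, "admin": 3}  # assumed weighting
CORE_APPS = {"crm", "hr"}                     # assumed list of core apps


def user_exposure(roles):
    """Highest privilege weight per user; access to a core app counts double."""
    exposure = {}
    for user, app, privilege in roles:
        weight = PRIVILEGE_WEIGHT[privilege] * (2 if app in CORE_APPS else 1)
        exposure[user] = max(exposure.get(user, 0), weight)
    return exposure


def rank_devices(roles, devices, review_threshold=200):
    """Join devices to their owners' exposure and sort by descending risk."""
    exposure = user_exposure(roles)
    rows = []
    for device_id, owner, hygiene in devices:
        if owner not in exposure:
            # Correlation gap: surface it instead of silently scoring it zero.
            rows.append({"device": device_id, "owner": owner,
                         "risk": None, "action": "unmapped"})
            continue
        risk = exposure[owner] * (100 - hygiene)
        action = "review" if risk >= review_threshold else "monitor"
        rows.append({"device": device_id, "owner": owner,
                     "risk": risk, "action": action})
    return sorted(rows, key=lambda r: (r["risk"] is None, -(r["risk"] or 0)))


if __name__ == "__main__":
    for row in rank_devices(SAAS_ROLES, DEVICES):
        print(row)
```

In the sample data, two laptops with similar hygiene scores land far apart in the ranking because one owner is a CRM admin and the other is a CRM member, and the device with no mapped SaaS user is reported separately rather than dropped.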
Get the Zero Trust Approach
Zero-trust is a concept much batted about in cybersecurity vernacular today. While many consider it a buzzword, its meaning represents an important approach that cannot be emphasized enough. Wholly securing the organization's SaaS stack, end-to-end and continuously, calls for a holistic and automated solution.
An SSPM solution, like Adaptive Shield, has been built to resolve not only the need for management of the SaaS app configurations themselves, but also the devices the organization's employees use. (Not to mention third-party app access.) When integrated with an MDM (mobile device management) solution, Adaptive Shield will pull the device data and map the device to the owner.
By looking at the device posture while conducting a SaaS security assessment, organizations can achieve a holistic zero trust approach.