With 2022 coming to a close, there is no better time to buckle down and prepare to face the security challenges in the year to come. This past year has seen its fair share of breaches, attacks, and leaks, forcing organizations to scramble to protect their SaaS stacks. March alone saw three different breaches from Microsoft, Hubspot, and Okta.
With SaaS sprawl ever growing and becoming more complex, organizations can look to four areas within their SaaS environment to harden and secure.
Enterprises can have over 40 million knobs, check boxes, and toggles in their employees' SaaS apps. The security team is responsible to secure each of these settings, user roles and permissions to ensure they comply with industry and company policy.
Not only because of their obvious risk or misalignment with security policies, misconfigurations are overwhelmingly challenging to secure manually. These configurations can change with each update, and their complexity is compounded by the many compliance industry standards. Adding to that challenge, SaaS app owners tend to sit in business departments outside the security team's scope and are not trained or focused on the app's security.
Security teams should onboard a SaaS Security Posture Management (SSPM) solution, like Adaptive Shield, that provides full visibility and control across a critical mass of SaaS apps in the SaaS stack. The solution must identify both global app settings and platform-specific configurations within each app. Security teams should be able to use the solution to gain context into security alerts and gain answers to questions like: Which users are subject to a certain misconfiguration? Are they admins? Is their MFA enabled? By having these answers at their fingertips, security teams can enforce company and industry policies to remediate potential risks from any misconfiguration.
Another growing security challenge derives from the increasing volume of apps connected to the company's SaaS environment. On average, thousands of apps are connected without the approval or knowledge of the security team. Employees connect these apps, often to boost productivity, enable remote work and to better build and scale company's work processes.
However, when connecting apps to their workspaces, employees are prompted to grant permissions for the app to access. These permissions include the ability to read, create, update, and delete corporate or personal data, not to mention that the app itself could be malicious. By clicking "accept," the permissions they grant can enable threat actors to gain access to valuable company data. Users are often unaware of the significance of the permissions they've granted to these 3rd-party apps.
Falling in the Shadow IT domain, security teams must be able to discover 3rd party apps and identify which pose a risk. From access scopes requested by these apps, to authorized users and cross referencing, the security team should be able to measure the level of access to sensitive data across the organization's stack. An SSPM solution like Adaptive Shield, can arm the security team with this type of discovery and control in addition to providing advanced reporting capabilities for effective and accurate risk assessments to drive actionable measures.
Device-to-SaaS User Risk
Security teams must deal with threats from users accessing their SaaS applications from personal, unsecured devices. Accessing a SaaS app via an unmanaged device poses a high level of risk for an organization, especially when the device owner is a highly privileged user. Personal devices are susceptible to data theft and can inadvertently pass on malware into the organization's environment. Lost or stolen devices can also provide a gateway for criminals to access the network.
Security teams need a solution that enables them to manage SaaS risks originating from compromised devices. An SSPM solution like Adaptive Shield can identify privileged users such as admins and executives, calculate user-risk levels, and recognize which endpoint devices need to be more secured.
|Figure 1. Adaptive Shield's Device Inventory|
Identity and Access Governance
Every SaaS app user is a potential gateway for a threat actor, as seen in the most recent Uber MFA Fatigue attack. Processes to ensure proper users' access control and authentication settings are imperative, in addition to validation of role-based access management (as opposed to individual-based access) and establishing an understanding of access governance. Identity and access governance helps ensure that security teams have full visibility and control of what is happening across all domains.
Security teams need to monitor all identities to ensure that user activity meets their organization's security guidelines. IAM Governance enables the security team to act upon arising issues by providing constant monitoring of the company's SaaS Security posture as well as its implementation of access control.
Gartner called SaaS Security Posture Management (SSPM) in the "4 Must-Have Technologies That Made the Gartner Hype Cycle for Cloud Security, 2021" for solutions that continuously assess security risk and manage the SaaS applications' security posture. With an SSPM platform, like Adaptive Shield, organizations can harden their SaaS security to identify and remediate issues faster and prevent future attacks. Security teams can introduce best practices for SaaS security that extend beyond Misconfiguration Management to cover SaaS-to-SaaS Access, Device-to-SaaS User Risk levels, and Identity & Access Management Governance.