By Maor Bin, CEO, Adaptive Shield
One piece of advice I like to give security professionals is this – it’s often instructive to view cybersecurity from the threat actor’s perspective. In a SaaS world, that means understanding the behavior patterns of threat actors and then identifying the SaaS entry point they would likely prioritize.
What you’ll likely find is that bad actors often focus on highly coveted access points. Some examples include orphan accounts, unused local admin accounts, and other high-privilege, underutilized accounts that were involved in SaaS app setup.
In the early days of SaaS security, the tools were designed to protect access to SaaS apps, looking mostly at log-ins, passwords, and SSO. What many don’t realize is that SaaS security has evolved into a much more comprehensive security program.
The evolution of SaaS security is essential because businesses are becoming increasingly more SaaS driven—Fortune Business Insights reports that “the global SaaS market is projected to grow from $273.55 billion in 2023 to $908.21 billion by 2030.” This growth demands a holistic SaaS ecosystem security program that can help protect an organization by eliminating vulnerabilities and mitigating risk using the latest cybersecurity methodologies.
Now for the big question—where do you start?
Begin with Identity Fabric
Identity is one of the main barriers that threat actors must overcome. In fact, today, a person’s identity is often all that’s standing between a threat actor and a company’s most sensitive data. Identity fabric is a concept put forth by Gartner, which can be used to prevent this type of attack. This concept, which includes Identity and Access Management (IAM) and Identity Governance and Administration (IGA), requires centralized access control over decentralized applications and must be capable of tracking access from humans and machines, including access granted to third-party applications.
Speed is also important. Identity fabric must be fast, operating with near-imperceptible latency, so it doesn’t impact the user experience. The speed must be accompanied with an effective alert system that sounds the alarm in the event of suspicious activities, such as the creation of new admin accounts.
Complement with Endpoint Protection
Another important element is Endpoint Protection. Today this is rarely considered when teams strategize over SaaS security approaches. This is a big mistake. Computers and other devices that access the SaaS stack are often using outdated operating systems, web browsers, anti-virus software, or other outdated software. All of these can be exploited. For example, a keylogger on a computer used by a high-privileged SaaS admin can hand over the keys to valuable SaaS data.
Endpoint protection is vital to a holistic SaaS ecosystem security program because it allows teams to monitor device operating systems being used to access the SaaS stack, check compliance of the device to global standards and company policy and generate a user risk assessment.
By combining endpoint protection hygiene data with SaaS data and associating devices with users, security teams can manage SaaS risks. With this context, the organization can develop security policies and prioritize and manage the remediation of device vulnerabilities or limit access.
Deploy SaaS Threat Detection
The detection of SaaS threats requires an identity-centric approach. Identity Threat Detection & Response (ITDR) is defined as a set of security measures designed to detect and respond to identity-related Indications of Compromise (IoCs), suspicious activities and malicious applications that have accidentally been installed by users.
Once in the security team’s hands, they can investigate and respond to these threats.
Secure the Breadth and Depth of the Ecosystem
For most organizations, the SaaS stack covers a broad range of applications that touch every department. However, a major mistake many security teams make is that they tend to focus their efforts on the most critical applications, such as CRM or Workspace. As a result, while they protect data in these areas, they are exposing sensitive records stored within all the other applications.
Best practices do dictate that teams begin by securing the most important applications within the organization’s stack, but they don’t suggest stopping there. Securing the SaaS ecosystem requires an approach that is both broad in terms of covering every application and deep in terms of security checks.
The Attainment of SaaS Ecosystem Security
SaaS-enabled businesses are increasingly becoming the norm as companies experience the vast benefits that come with these new cloud offerings. Naturally, these new environments introduce new challenges, especially for security teams.
The best way to secure a growing SaaS stack is through a holistic approach that leverages the SaaS security tools that deliver a comprehensive approach to all SaaS apps in the stack. In addition, they must emphasize securing identity-based access points as well as endpoint devices that access SaaS applications, and review 3rd party applications that are connected to various SaaS hubs while maturing the organization’s ability to prevent threats.
This is how businesses can soar in the cloud while keeping this new and growing environment fully protected.
