How to Ensure Your SaaS Apps are Secure

Businesses are constantly faced with the task of balancing the advantages of productivity gains and lower costs against significant compliance and security concerns as they move their data and applications to SaaS apps.

It’s clear which way the pendulum has swung.

TechCrunch reported that the COVID-19 crisis has caused a surge in SaaS sales. For example, revenue at Slack increased by nearly 50% year-over-year as people used the platform increasingly to communicate from home.

The problem with this is two-fold. Firstly, a lot of SaaS applications store sensitive data such as the credit card info of their customers. This creates a ton of potential SaaS security issues. 

A cybercriminal may attempt to conduct a data breach to gain access to this information or steal credentials for malicious reasons. Given that in the U.S. a data breach costs a company on average $8.19 million, it’s incredibly costly when this occurs.

Secondly, many companies simply haven’t kept pace with the volume of data flowing to and from their multiple SaaS vendors.

So, how do you manage the sheer volume of sensitive data now housed in these apps? By using these three tips to ensure your SaaS apps are secure.

Evaluate Your SaaS Vendors

While it’s certainly easy to buy software, it’s not easy to buy software with the right level of security for your organization.

Many SaaS providers can share some sort of report on their security posture. Organizations can also use their own internal checklists or questionnaires to evaluate the security of the provider.

You should consider asking questions like:

  • How will they let you know of known or suspected incidents, and when? 
  • How will the provider monitor the solution themselves?
  • How do they install security patches, ensure versions are current and keep the solution free from security vulnerabilities?

Many SaaS providers can provide evidence to indicate how well they have implemented their security. For example, the Cloud Security Alliance’s (CSA) Security Trust Assurance and Risk (STAR) Program is one third-party certification.

Finally, some vendors share the results of their own security tests or allow customers to perform penetration tests; this provides a better understanding of vendor security practices.

Reconsider Your Security Architecture 

The adoption of SaaS means that you’ll also need to reconsider your broader security architecture. 

Many cloud providers recommend whitelisting solutions to enable their customers’ employees to access a particular solution via their office network. 

The problem with this approach is that it’s now easy for employees to bypass the office network and use other connections to reach the solutions they use, especially given the proliferation of remote working.

People might not even log into an office network at all, so IT has to ensure that these endpoints are secure even when they’re not connected to the network.

Beyond a BYOD security plan, you should also include additional security measures for your SaaS apps like multifactor authentication.

Gain Visibility Into Your SaaS Apps

SaaS management platforms (SMPs) allow IT operations administrators to manage the day-to-day operations for Microsoft Office 365, Google G Suite, and other frequently used SaaS applications.

They can manage application policies, take corrective action, track application usage, and automate IT administrative tasks.

Put simply, a SaaS management platform helps companies understand which SaaS applications are being used, how they’re being used, and who has access to them.

Gaining this visibility ensures that each application’s users have access appropriate to their role, and that user rights are adapted or removed as quickly as possible when someone is offboarded from the organization.

This visibility also allows you to:

  • Identify sanctioned and unsanctioned apps used by your employees
  • Identify who has access to what applications
  • Identify SaaS apps used and any redundancies or cost savings
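
The three checks above, plus the offboarding check, can be sketched as a small audit over exported access data. This is an added example, not code from the article or from any SaaS management platform; the CSV columns, user addresses, app catalogue and the app name "FileDropper" are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample data (not from the article): HR roster, sanctioned-app
# catalogue with a category per app, and access grants exported from consoles.
ACTIVE_EMPLOYEES = {"alice@example.com", "bob@example.com"}
SANCTIONED = {"Slack": "chat", "Microsoft 365": "office", "Google Workspace": "office"}
GRANTS_CSV = """user,app,role
alice@example.com,Slack,admin
bob@example.com,Slack,member
carol@example.com,Slack,member
bob@example.com,FileDropper,member
alice@example.com,Microsoft 365,member
carol@example.com,Google Workspace,admin
"""

def audit(grants_csv, active, sanctioned):
    """Build the visibility views described above from a flat grant export."""
    users_by_app = defaultdict(set)
    orphaned = []  # grants still held by people no longer on the roster
    for row in csv.DictReader(io.StringIO(grants_csv)):
        user, app = row["user"].strip().lower(), row["app"].strip()
        users_by_app[app].add(user)
        if user not in active:
            orphaned.append((user, app, row["role"].strip()))
    # Apps in use that are missing from the approved catalogue.
    unsanctioned = sorted(a for a in users_by_app if a not in sanctioned)
    # Redundancy: more than one sanctioned app in use for the same category.
    by_category = defaultdict(set)
    for app in users_by_app:
        if app in sanctioned:
            by_category[sanctioned[app]].add(app)
    redundant = {c: sorted(apps) for c, apps in by_category.items() if len(apps) > 1}
    return {
        "unsanctioned": unsanctioned,
        "orphaned": sorted(orphaned),
        "access": {a: sorted(u) for a, u in users_by_app.items()},
        "redundant": redundant,
    }

if __name__ == "__main__":
    for section, findings in audit(GRANTS_CSV, ACTIVE_EMPLOYEES, SANCTIONED).items():
        print(section, findings)
```

The orphaned list is the one to act on first: it shows accounts, including admin roles, that survived offboarding.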

The Wrap on Securing SaaS Apps

There’s no going back to a time when the in-house IT team controlled all of the data onsite. SaaS solutions are expanding capabilities and lowering costs, so there’s never been a better time to incorporate these security measures.

Author
Gavin Garbutt
Co-Founder & Chairman of Augmentt
