The US Department of Defense (DoD) has 3 million employees and 4,800 locations in 160 countries. The IT requirements of an organization like the US Department of Defense are, to put it mildly, unique. So, it came as a surprise to many in the space when the DoD announced they would be transferring IT resources to the cloud in April of 2019.
The DoD’s decision underlines just how ubiquitous cloud-based technology has become. It’s no longer “if,” but “when” and “how” to move to the cloud. While there are still a few stragglers in the large enterprise space, SMEs have embraced the cloud, and in particular SaaS applications, wholeheartedly. Just take a look at the percentage of companies that will be running purely on SaaS by 2022.
This adoption of SaaS products makes sense for several reasons. SaaS applications are often the most affordable and attractive option out there for SMBs. They often lead to lower CapEx and operational overhead, while also offering quick deployment compared to on-premise software. It’s a winning combination.
SaaS Security Issues
It’s no surprise then that with near-universal SaaS adoption, SaaS security issues have increased too. As mentioned above, SaaS products are relatively straightforward to deploy, and therefore individual business units within a company can often procure them without oversight from IT or security teams. According to one study conducted by Frost & Sullivan and sponsored by McAfee, more than 80% of respondents use non-approved SaaS applications in their jobs.
As the number of SaaS tools in an organization explodes, so too does the opportunity for inconsistent and problematic security policies. If you have an inkling that this is happening in your organization, it’s not too late to get a handle on it. Here are four SaaS security issues that need to be top-of-mind in 2020.
In 2016, an attack compromised 68 million Dropbox user accounts. The attackers exploited an improperly secured employee password to obtain email addresses and hashed and salted passwords from breached accounts that were created in 2012 and earlier. Dropbox is just one example of the many high-profile breaches that have occurred in the last decade.
The nature of data stored in SaaS applications makes data breaches particularly problematic: This data often includes financial information, customer data, intellectual property, and other sensitive information. In light of this, SaaS suppliers and customers should ensure that they have in place appropriate technical and organizational measures to keep personal data safe and a protocol for responding to breaches if they do occur.
Another SaaS security issue is the loss of data access control: The IT department no longer has complete control over which user has access to what data and the level of access. Employees may accidentally delete data, resulting in data loss, or expose sensitive data to unauthorized users, resulting in data leakage. The darker side of employee risk involves acts with malicious intent. The results are devastating.
In one of the most high-profile intrusions to date, South Koreans learned in January 2014 that data from 100 million credit cards was stolen over several years. What ensued was chaos. More than 2 million South Koreans subsequently had their credit cards blocked or replaced. What followed for the organization was senior executive resignations, government investigations, and financial loss.
Behind the theft was an employee of the Korea Credit Bureau (KCB), a solvency company. While one would imagine a highly sophisticated operation, he merely copied the data to an external hard drive. He then resold the data to credit traders and telemarketing companies.
One of the most well-known examples of phishing occurred during the 2016 US presidential election, when former White House chief of staff and the chairman of Hillary Clinton’s campaign, John Podesta, had his personal Gmail account hacked.
These attacks aim to use the familiarity users have with the SaaS platform to trick them into handing over other credentials, creating an interaction that results in widespread credential theft. Just take a look at the email that tricked Mr. Podesta.
Malware propagation is a significant SaaS security issue and a constant threat to SaaS applications. With SaaS applications acting as storage clouds, they become an effective distribution medium for malware. On average, one in three corporate instances of SaaS apps contained malware, and Microsoft OneDrive had the highest rate of infection at 55%.
Managing the Top SaaS Security Issues
Increased organizational awareness of these SaaS security issues can ensure that they are mitigated and eliminated. Assessing risks and implementing intelligent controls helps to enhance the security of your SaaS applications.
Many companies focus on asking questions about SaaS security during the sales process. Given the evolving threat landscape, it’s crucial to ensure you assess the risks posed by emerging technologies and cyber threats.
You don’t have to go it alone: With a SaaS application management platform like Augmentt, you can easily track usage of unauthorized SaaS applications to enforce SaaS security policies.
As President and CEO, Derik leads the vision, strategy and growth of Augmentt. Prior to founding Augmentt, Derik was the Vice President at SolarWinds, leading the digital marketing strategy for SolarWinds’ Cloud division. Derik has been working in the channel for over 20 years, starting his career as a channel sales rep at Corel Corp. and eventually becoming the first employee at N-able Technologies in April of 2000.
Augmentt is a centralized SaaS security platform built for MSPs to deliver scalable managed security services for Microsoft and cloud apps. Our multi-tenant platform gives you visibility across all your end-users to easily audit, protect and detect security threats for a holistic approach to cyber security.