We all use SaaS apps. Whether you’re in HR, PR, sales, R&D, finance or legal, chances are that SaaS apps are an integral part of your job. They’re easy to onboard, decentralized, readily available and truly boost productivity. Need a quick grammar check? Looking to share large files? Maybe you want a new company-wide chat solution, or you’re looking for full-blown marketing automation – no matter the need, there’s (probably) a SaaS app for that. It’s no wonder research firm Gartner predicts spending on SaaS applications will see a 42% increase during 2022.
However, an employee’s dream can quickly turn into a security leader’s nightmare. SaaS applications introduce a new, intricate and interconnected attack surface that is already being abused by cyber criminals. Take the recent LAPSUS$ attack on Okta where, according to the attackers, they were able to gain access to Okta’s AWS keys via an Okta Slack channel. Or the recent Hubspot data breach, or the national threat group that targeted an airline using Slack free workspaces… It’s a long and growing list of potential threats that originate in either the SaaS applications themselves, or how they’re used (and abused) by end-users.
As the popularity of SaaS applications continues to rise, we expect to see more and more organizations struggling to get on top of their SaaS usage. Many have already implemented various security measures in an attempt to block potential hacks: blacklisting apps, legacy CASB solutions, and even manually monitoring SaaS usage in Excel… But the problem is, up until today there hasn’t been one concise and clear solution that takes care of SaaS security as a whole: an automated SSPM (SaaS Security Posture Management) that’s always running, always making sure SaaS can be used freely without putting the business at risk. Well, that just changed.
The three pillars of a successful SaaS Security program
A. Cover ALL major SaaS security related concerns
SaaS security is vast, so where to begin? After interviewing many dozens of security practitioners and researchers, we identified five major SaaS related concerns that must be addressed if SaaS security is to be achieved:
- Discover and analyze all the SaaS applications in your organization, both active and dormant. It sounds basic, but in today’s cloud-based, remote work environments, keeping track of the many hundreds of SaaS applications used by all users, in all locations, at all times is easier said than done. Within minutes of onboarding Wing, you’ll get a full view and understanding of your organization’s SaaS landscape through a simple and friendly UI. You might have heard of app discovery before, and if so you might be thinking: I really don’t want these guys sitting on my browser, and I really don’t need another proxy… You’re right. That’s why Wing’s discovery methods are non-intrusive. We are not a proxy. We don’t use a proxy. We value your privacy.
- Identify and shut down risky app2app connections. Most SaaS applications today are interconnected within a giant network. Marketplaces may come to mind here, but it doesn’t stop there: many apps rely on other apps in order to provide the service they promise. These connections are important and usually beneficial to the end-user. Cyber criminals have also noticed these connections and the potential vulnerabilities that lie within them. Knowing which connections are necessary and which should be shut down is key to a secure and clean SaaS environment.
- Data shared externally. Being able to share files or repositories with external bodies is extremely important for business. But these open shares are a backdoor into your organization’s data. They’re risky in more ways than one. Take the following worrisome scenario: An employee has access to sensitive reports as part of their job. They leave their job, but these reports are still shared with them and therefore they still have access to sensitive data. Think of them leaving on not so good terms… If this sounds far-fetched, take a look at what happened to Block. While the company has yet to confirm how the reports were accessed, it’s safe to say that no former employee should have access to sensitive data once they have left the company. Without a proper SaaS cybersecurity mechanism in place to shut down risky shares in a timely manner, organizations face substantial risk.
- Inconsistent or problematic user behaviors. While usually not malicious in intent, user actions can result in serious security breaches. Inconsistent user states, external users with high permissions, or users who use unwanted authentication methods are some examples of the information security leaders need if they’re going to keep a clean and secure SaaS environment.
- Last but not least, SaaS is dynamic and always on. New applications are onboarded daily. Knowing about these new additions, their security ranking, their compliance, their compatibility with security policies, and the risks associated with them is an ongoing task. Security leaders need their SaaS cybersecurity solutions to be constantly on the lookout for new apps and to never stop monitoring and alerting.
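The concerns above (app-to-app connections, externally shared data, departed or external users with lingering access, and dormant grants) can be expressed as checks over an inventory. The following is an added example, not Wing’s code and not any vendor’s API: it runs two such checks over a constructed inventory of file shares and third-party app grants. The company domain, the active-user directory, the scope names, the 90-day staleness window and the sample records are all assumptions made for the example.

```python
"""Constructed audit of SaaS external shares and app-to-app grants (illustrative only)."""
from dataclasses import dataclass
from datetime import date

COMPANY_DOMAIN = "example.com"       # assumption: the organization's own mail domain
TODAY = date(2022, 6, 1)             # fixed so the example is deterministic
STALE_AFTER_DAYS = 90                # assumption: shares/grants unused this long are stale

# Constructed HR directory: only active employees. An internal address absent
# from this set belongs to someone who has left the company.
ACTIVE_USERS = {"alice@example.com", "bob@example.com"}

# Hypothetical scope names that would let an app read or move company data.
HIGH_RISK_SCOPES = {"files.read_all", "mail.read", "admin.directory"}


@dataclass(frozen=True)
class ExternalShare:
    resource: str      # file or repository name
    owner: str         # employee who created the share
    shared_with: str   # address the resource is shared with
    created: date


@dataclass(frozen=True)
class AppGrant:
    app: str           # third-party app connected to the SaaS tenant
    user: str          # user who authorized the connection
    scopes: frozenset  # permissions the app was granted
    last_used: date    # last time the app used its token


def _is_internal(email: str) -> bool:
    return email.lower().endswith("@" + COMPANY_DOMAIN)


def _departed(email: str, active_users) -> bool:
    # Only internal addresses can be "departed"; guests are handled separately.
    return _is_internal(email) and email not in active_users


def audit_shares(shares, active_users=ACTIVE_USERS, today=TODAY):
    """Flag shares that keep data reachable by departed users or stale external parties."""
    findings = []
    for s in shares:
        if _departed(s.shared_with, active_users):
            # The scenario from the post: the person left, the share did not.
            findings.append(("departed_user_share", s.resource, s.shared_with))
        elif not _is_internal(s.shared_with) and (today - s.created).days > STALE_AFTER_DAYS:
            findings.append(("stale_external_share", s.resource, s.shared_with))
        if _departed(s.owner, active_users):
            # Nobody active owns this resource, so nobody will ever clean it up.
            findings.append(("orphaned_resource", s.resource, s.owner))
    return findings


def audit_grants(grants, active_users=ACTIVE_USERS, today=TODAY):
    """Flag app-to-app grants that are dormant, over-privileged, or owned by departed users."""
    findings = []
    for g in grants:
        risky = g.scopes & HIGH_RISK_SCOPES
        if _departed(g.user, active_users):
            findings.append(("departed_user_grant", g.app, g.user))
        if risky and (today - g.last_used).days > STALE_AFTER_DAYS:
            # High-risk token nobody uses: pure attack surface, revoke it.
            findings.append(("dormant_high_risk_grant", g.app, ",".join(sorted(risky))))
        elif risky and not _is_internal(g.user):
            # A guest/external user granting an app broad access to tenant data.
            findings.append(("external_user_high_risk_grant", g.app, g.user))
    return findings


# Constructed sample inventory (carol has left; guest@contractor.example is external).
SHARES = [
    ExternalShare("Q1-financials.xlsx", "alice@example.com", "carol@example.com", date(2022, 1, 10)),
    ExternalShare("launch-deck.pptx", "bob@example.com", "partner@agency.example", date(2021, 11, 1)),
    ExternalShare("roadmap.docx", "alice@example.com", "vendor@supplier.example", date(2022, 5, 20)),
    ExternalShare("old-report.pdf", "carol@example.com", "alice@example.com", date(2022, 2, 1)),
]
GRANTS = [
    AppGrant("grammar-helper", "alice@example.com", frozenset({"docs.read"}), date(2022, 5, 30)),
    AppGrant("mail-sync", "bob@example.com", frozenset({"mail.read"}), date(2022, 1, 15)),
    AppGrant("file-mover", "guest@contractor.example", frozenset({"files.read_all"}), date(2022, 5, 28)),
    AppGrant("calendar-bot", "carol@example.com", frozenset({"calendar.read"}), date(2022, 5, 1)),
]

if __name__ == "__main__":
    for finding in audit_shares(SHARES) + audit_grants(GRANTS):
        print(finding)
```

Run stand-alone, the script reports three share findings (a report still shared with a departed employee, a stale external share, and a resource whose owner has left) and three grant findings (a dormant high-risk token, an external user with a high-risk grant, and a grant authorized by a departed user); the recent external share and the low-privilege grammar app are left alone. Each finding maps to a remediation (revoke the share, revoke the token, reassign the resource), which is the “fix it” half the next section talks about.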
B. Remediate, automatically
Mapping out your entire SaaS landscape and knowing about all the security risks and vulnerabilities that you’re facing is extremely important. But it is only the first step. We fully know and appreciate that security leaders don’t need yet another solution to flag all their security issues. What they really need is solutions. “Don’t just tell me I have a problem, fix it”. That’s precisely what Wing Security does – we find them, we fix them. End of story. Wing comes out of the box with remediation paths that can be fully automated. Our goal is to save our customers’ valuable time and energy.
C. Engage your end users
SaaS security does not have to be a business blocker; it can and should be an enabler, giving employees the opportunity to own their SaaS security. At the end of the day, end-users know the business context of the apps they choose to use. These apps are meant to help them do their job better, which is why, whenever possible, we encourage our customers to engage end-users on the security of their SaaS apps. Security always has the upper hand, and can always choose to block or revoke problematic apps or usage patterns. But we found that security leaders who engage with their users end up with a better informed decision making process and, better yet, a stronger security culture. Alerting users to a risky app, an unnecessary permission they granted or a problematic usage pattern, while also explaining the rationale behind the alert, goes a long way toward ensuring users are security conscious and cooperative.
One last thing…
SaaS cybersecurity and management is becoming an increasingly “hot” topic, with many solutions out there trying to tackle various aspects of securing an organization’s SaaS usage. Gartner found in the 2020 CISO Effectiveness Survey that 78% of CISOs have 16 or more tools in their cybersecurity vendor portfolio; 12% have 46 or more. According to Gartner: “Having too many security vendors results in complex security operations and increased security headcount”.
As SaaS continues to boom and expand, and as SaaS related attacks continue to make headlines, security leaders are faced with the challenge of choosing which SaaS security tools they need in place. When developing Wing, we envisioned a solution that will truly take the load off overworked and understaffed security teams. This is precisely why we developed Wing Security for SaaS security. Rather than 4-5 different security solutions, each specializing in a different aspect of SaaS security, we made the ambitious decision to create a single solution that caters to all major SaaS concerns, to truly allow security leaders some peace of mind, at least when it comes to SaaS.