The Move to SaaS – Gaining Visibility over Applications to Close the Security Gap

By Vincent Berk, Chief Security Architect, Riverbed Technology.

  • 3 years ago Posted in

The rise in remote working has greatly accelerated digital transformation. Businesses worldwide are migrating to cloud and software-as-a-service (SaaS) applications to maintain efficiency, smooth operations, and optimise team productivity. In fact, Gartner predicts that SaaS revenue will grow to $140.6 billion by 2022, up from $102.1 billion in 2019. It’s easy to understand this uptick given the cost-effectiveness, low maintenance, and ease of access for users any time, anywhere. However, it’s been said that “nobody ever washes a rental car”, and enterprises frequently take the same stance toward upkeep of SaaS applications. This approach leaves businesses open to serious security gaps, unexplainable performance issues, and a lack of cost control for a sprawling SaaS fog, all of which are detrimental to business growth. 

 

When operating SaaS applications, businesses are left struggling to detect external threats such as phishing attacks. This is because there can be the perception from enterprises that SaaS applications are inherently secure, and the enterprise is therefore no longer responsible for effectively securing the data they store within them. With a mindset of ‘out of sight, out of mind’, businesses are failing to put the correct measures in place to ensure they have the right level of visibility over their employees and applications. Without full-fidelity visibility, organisations are increasingly vulnerable to cyberattacks that could result in serious implications if left undetected. For example, loss of sensitive customer data causing long term reputation damage. As such, it is crucial — especially during periods of remote working — that organisations use visibility tools to recognise activities unique to the threats to SaaS applications. Only then will they be able to reap the benefits of these applications without the risk. Below, I’ve set out what companies should keep in mind.

 

Remote working and the rising threat

As a large portion of the European workforce continues to operate remotely, organisations are faced with the challenge of employees carrying out activity outside of the tightly controlled corporate network. One of the primary drivers for this is that staff are increasingly turning away from business-sanctioned SaaS applications in favour of those that enable them to better maintain and carry out business processes. For example, an employee may find that sharing files using the fileshare takes too long over the corporate VPN. Consequently, they spin up a WeTransfer account, and begin sharing their files with other employees in this way, all outside of the visibility of the enterprise. This modern form of “shadow IT” is creating a serious security gap as businesses don’t have any visibility over unsanctioned applications used by their workforce and can therefore not secure them. 

 

Similarly, with the direct path to SaaS, using personal, or at least unmanaged devices from a corporate perspective, it has become significantly harder to detect when individual users have been compromised. After all, the data in the SaaS application is only as secure as the user accounts that have access to them. Phishing, malware, and nefarious apps and browser extensions may all be vectors through which the users’ devices may be compromised, giving a direct path to the data in the SaaS applications that user has access to. Given the fact that it is only a matter of time before any business falls victim to a security compromise this lack of visibility is simply unacceptable. 

 

Narrowing the gap 

It is clear that SaaS applications are helping to improve employee productivity and boost the efficiency of business operations during remote working. In fact, collaboration applications such as Zoom and Slack have experienced a drastic increase in usage as employees continue to use them to maintain communication. Zoom alone has grown its customer base nearly five-fold since last year but to fully realise the benefit of these applications, the security risks inherent in SaaS must be addressed. 

 

The first step in overcoming these challenges is carefully considering which SaaS applications the business wants to deploy. When making these decisions companies should remember that the most affordable choice is not always the best. Take some of the most popular video conference applications, for example, which may not possess end-to-end encryption. Without this, the enterprise is left vulnerable to interception or eavesdropping on confidential business calls and obtaining information that can later be used to perform spear phishing campaigns. However, these kinds of flaws or the resulting exposure are often not factored into the business decision making. To redeem control, and bolster security, enterprises must assess which applications they are deploying and whether they are able to gain visibility over them. In doing so, organisations can minimise disruptions to employees and maintain smooth business operations. 

 

There is a related issue with respect to a cost-first approach to SaaS selection. The ease of deployment and re-deployment of SaaS may lead companies to feel that they can make cost gains through flexibility, choosing one SaaS offering one year and switching to another the next. While there may well be significant cost reductions in spend, every change represents a window of significant security vulnerability. Corporate IT needs time to learn how to monitor new systems and understand what normal access patterns and access needs look like, and users are particularly vulnerable to phishing while they are still learning how to interact with new systems. Continual changes can leave a company constantly vulnerable to attacks that would otherwise be easy to resist.

 

However, to truly begin closing the security gap, businesses also need to record and collect as much data from across the virtual enterprise as possible. This includes monitoring the traditional network border, the user’s laptop, and their application log in. The more information that can be collected from as many angles as possible, the better prepared the enterprise will be to spot compromises, espionage, or sabotage. Besides security solutions, performance issues of SaaS applications are hurting performance and businesses must consider dual-use solutions such as network performance management tools to help them achieve this duality of visibility for performance and security. With these mechanisms in place, the enterprise can gain visibility over SaaS application usage and forensically analyse the data collected to identify any concerning activity. This will enable businesses to quickly resolve any issues and ensure their employees and the applications are working securely and efficiently. 

 

Owning your security and gaining visibility 

SaaS applications are the future. It is therefore vital that businesses recognise their responsibility to secure them and make the necessary investments to achieve this. This includes adopting technologies that will provide much needed visibility over applications and help IT teams to close security gaps across the business. In doing so, enterprises will be better positioned to keep business operations running smoothly – safe in the knowledge that they able to detect and overcome any unwelcome security threats. 

 

By Barry O'Donnelll, Chief Operating Officer at TSG.
By Dr. Sven Krasser, Senior Vice President and Chief Scientist, CrowdStrike.
By Gareth Beanland, Infinidat.
By Nick Heudecker, Senior Director at Cribl.
By Stuart Green, Cloud Security Architect at Check Point Software Technologies.
The cloud is the backbone of digital cybersecurity. By Walter Heck, CTO HeleCloud
By Damien Brophy, Vice President EMEA at ThoughtSpot.