Strengthening security in a multi-SaaS cloud environment


Share post:

Managing security across multiple SaaS cloud deployments is becoming more challenging as the number of zero-day and ransomware attacks continues to rise. In fact, recent research reveals that a staggering 76% of organizations fell victim to a ransomware attack in the past year.

It’s no secret that protecting data is hard, and with the rise of cloud technologies, it’s becoming harder. But when it comes to cloud SaaS application risk, what does that look like? And what actionable steps can teams and IT pros take to help mitigate those risks at their organization? In this article, I’m going to explore those questions and provide some insights.

Navigating the maze of SaaS challenges

Modern organizations encounter a variety of SaaS challenges, including the absence of configuration standards, multiple APIs, and user interfaces (UIs) with varying access levels and potential data leaks across interconnected systems. Securing structured data in CRM applications, communication data in messaging platforms, and unstructured data from file providers is already difficult.

However, when these systems are sourced from different vendors, it becomes even more challenging to detect and prevent attacks in a timely manner. The interconnected nature of these systems makes tracking data provenance difficult and facilitates broad spread of malware and ransomware.

This challenge is further exacerbated when organizations extend their systems to include external users. With expanding footprints, the inadvertent leakage or destruction of sensitive data becomes a significant concern. Popular platforms like Salesforce Communities, Slack Connect, Microsoft Teams, Microsoft 365, and Google Drive create a complex web of identity, permissions, and integration controls.

Unfortunately, most endpoint management tools on the market were designed for a pre-cloud, pre-bring-your-own-device (BYOD) era, making them inadequate for managing the modern SaaS landscape. So how do you take control?

Taking control with new solutions

When managing risk in the cloud, it’s crucial to select IT and security solutions that truly address the intricacies of the deployed SaaS applications and were born 100% in the cloud without any legacy on-premises components. The good news is that vendors are developing innovative solutions to help IT and security teams do this. But it’s essential to explore the options and consider the following:

First, do they go beyond basic factors such as OAuth scopes, login IP addresses, and high-level scores, and instead delve deeper into data usage patterns and even examine the code of all integrations?

Second, many major SaaS vendors provide event monitoring, antivirus protection, and basic data leak prevention as check boxes. But these features often fall short when it comes to preventing and remediating data attacks because of miscalibrated thresholds in alert systems and logs that are not tuned for specific organizations. That results in alert overload and fatigue. It’s important to understand how a solution improves risk scoring and alert prioritization.

Source link

Lisa Holden
Lisa Holden
Lisa Holden is a news writer for LinkDaddy News. She writes health, sport, tech, and more. Some of her favorite topics include the latest trends in fitness and wellness, the best ways to use technology to improve your life, and the latest developments in medical research.

Recent posts

Related articles

Akamai launches new cloud computing regions in Asia, Europe and the Americas

Akamai today announced a major expansion of its cloud computing presence around the world. While you might still...

QED and Partech back South African payment orchestration platform Revio in $5.2M seed

The payment landscape in Africa is still fragmented, with several payment operators providing different payment options to...

New research: Vast majority of VC-backed UK startups do *nothing* on climate emissions

Some 76% of the top 500 VC-backed UK startups have done nothing to either measure or offset...

Google launches earthquake alerts on Android in India

Google has announced the launch of its earthquake alert system for Android devices in India. The system...

The writers strike is over; here’s how AI negotiations shook out

After almost five months, the Writers Guild of America (WGA) has reached an agreement with Hollywood studios...

Atlassian CTO: We were late moving to the cloud, on the ball with AI

“I’m responsible for all of engineering at Atlassian,” Rajeev Rajan said in our interview onstage at TechCrunch...

What is Amazon’s [redacted] ‘Project Nessie’ algorithm?

The FTC’s lawsuit against Amazon alleging anti-competitive practices is largely full of things we already knew in...

Sources: Palo Alto in advanced talks to buy Talon and Dig in a $1B security sweep

Palo Alto Networks’ stock price has been on the rise on the back of strong earnings and...