A SaaS provider is always responsible for securing the platform, network, applications, operating system, and physical infrastructure. But providers are not responsible for securing customer data or user access to it. Yet some SaaS providers offer only a bare minimum of security, while others offer a wide range of SaaS security options.
Gartner predicts that by 2022, 95% of all cloud security failures will be the customer’s fault. Every customer can try to avoid security breaches by implementing various SaaS security practices and technologies. Here are some of the best SaaS security practices organizations can employ to protect data while using SaaS applications:
- Identity and access management (IAM). A role-based identity and access management solution prevents end users from gaining access to resources their job doesn’t require. Using processes and user access policies, this solution determines the specific files and applications a particular user can access. Access to the data itself can also be role-based, so that an end user has permission to view only particular data.
- Cloud data encryption. This solution helps to protect not only data in storage but also data in transit (between the end user and the cloud or between cloud applications). Encryption of sensitive data is covered by government regulations, so information such as financial data, healthcare data, and personally identifiable information (PII) should be encrypted. While a SaaS vendor may provide some type of encryption, an organization can enhance data security by applying its own encryption, such as by implementing a cloud access security broker (CASB).
- Data loss prevention (DLP). DLP software detects sensitive data within SaaS applications or in outgoing transmissions and blocks the transmission, so the data cannot be downloaded. DLP also blocks malware or hackers from attempting to access and download data.
- Collaborative controls. This software can detect granular permissions on files that are shared with other users, including users outside the organization who access the file through a web link. Thus, if employees share confidential documents through email, team spaces, or cloud storage sites such as Dropbox, the software will be able to detect it.
- Provider’s security audit. A recent survey by Cloud Adoption and Risk Report shows that nearly 70% of clients trust their providers to secure their data. However, only 8% of cloud services actually meet the data security requirements defined in the CloudTrust Program. Only 1 in 10 providers encrypts data at rest, while only 18% support multifactor authentication. Thus, all providers should be checked for compliance with data security and privacy regulations, data encryption policies, employee security practices, cybersecurity protection, and data segregation policies.
SaaS security solutions
SaaS product expert Maksym Babych notes that organizations can improve security by using various types of security solutions. Organizations can use them separately or together.
- Data loss prevention (DLP) secures intellectual property and sensitive data in cloud-based applications.
- Compliance solutions provide the controls and reporting capabilities needed to meet government and industry regulations.
- Advanced malware prevention includes such technologies as behavioral analytics and real-time threat intelligence. They can detect and block zero-day attacks and malicious files that may be spread through cloud email and file sharing applications.
- Cloud access security brokers (CASBs) protect enterprise data and users across all cloud services, including SaaS, PaaS, and IaaS. According to Gartner’s Magic Quadrant for Cloud Access Security Brokers, CASBs detect threats and provide IT departments with greater visibility into data usage and user behavior for cloud services, end users, and devices. CASBs also act immediately to remediate security threats by eliminating security misconfigurations and correcting high-risk user activities in applications. CASBs make it possible to:
- Monitor for unauthorized cloud services
- Enforce data security policies including encryption
- Collect details about users who access data in cloud services from any device or location
- Block access to cloud services based on the user, device, and application
- Provide compliance reports
CASB solutions, which are usually SaaS applications, may also make it possible to:
- Encrypt files
- Access pre-built policy templates to guide IT staff through the process of policy creation
- Monitor user and entity behavior analytics (UEBA) backed by machine learning
- Use in-application coaching to help end users learn improved security practices
- Audit security configuration to suggest changes to security settings based on the most efficient practices
These cloud security practices and effective SaaS security solutions may help IT departments protect their cloud applications and data.