In a new era of hybrid workspaces, many sectors are making the shift to the cloud and adopting cloud-based SaaS applications at an accelerated pace for agility and scalability - but this practice and the efficiencies that are gained come at a cost. Business leaders are realizing that they must allot more of their resources and budgets to address new security concerns surrounding these transitions to keep their environment safe and prevent breaches.
Challenges related to infrastructure shifts to the cloud accelerated due to remote work and the COVID-19 pandemic. Deloitte found that 64% of companies enabled remote work in 2020. Over half of these companies plan to preserve this setup, resulting in a surge of cloud software and core SaaS application adoption.
With the growing implementation of cloud and SaaS applications comes new avenues for cyberattackers to access and hold hostage companies’ high-value assets.
The Acceleration of SaaS Adoption Introduces New Threats for Enterprises
SaaS platforms are often credited with boosting productivity, saving time, and reducing cost, but in the context of the global pandemic they are no longer a nice-to-have; they are critical to business operations. Consequently, multiple sectors are undergoing massive shifts, making it easier for malicious actors to slip through the cracks.
Necessary operational data is now being split across different cloud applications, challenging security teams to constantly plumb the data and pull audit logs and metadata to understand what employees are doing and identify abnormal risky behavior.
The shift to remote work and employees being scattered throughout the country and globe has made security teams’ jobs even more difficult as they now have to consider new threat models and new indicators to detect risks.
Examples of behavior that security teams need to track:
- Abnormal login frequency
- Accounts with multiple concurrent sessions
- Abnormal number of downloads by users
- Abnormal login behavior from different locations
- Abnormal usage of critical systems
- And much more!
With many companies relying on more than one SaaS application, security teams need to build out point detections for each platform and cross-correlate access patterns, an approach that is hard to scale. They end up with blind spots and aren’t confident that they see everything they should, leaving them open to breaches and potential compromises.
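One way the normalization and cross-application correlation described above could look, as an added example that is not part of the original article: two hypothetical SaaS audit feeds are mapped onto one schema, then checked for logins from different locations and for abnormal download volume. The field names, sample events and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample events; both schemas are hypothetical, not real vendor formats.
APP_A_LOGS = [
    {"actor": "alice@example.com", "event": "login", "ts": "2024-05-01T09:00:00+00:00", "geo": "US"},
    {"actor": "bob@example.com", "event": "login", "ts": "2024-05-01T09:05:00+00:00", "geo": "US"},
    {"actor": "bob@example.com", "event": "download", "ts": "2024-05-01T09:06:00+00:00", "geo": "US"},
]
APP_B_LOGS = [{"userEmail": "ALICE@example.com", "action": "SESSION_START", "time": 1714554600, "country": "RO"}]
APP_B_LOGS += [{"userEmail": "alice@example.com", "action": "FILE_DOWNLOAD", "time": 1714554660 + i,
                "country": "RO"} for i in range(6)]
B_ACTIONS = {"SESSION_START": "login", "FILE_DOWNLOAD": "download"}

def normalize(app_a, app_b):
    """Map both feeds onto one schema: user, action, time (UTC), country, app."""
    events = [{"user": e["actor"].lower(), "action": e["event"], "country": e["geo"],
               "time": datetime.fromisoformat(e["ts"]), "app": "A"} for e in app_a]
    events += [{"user": e["userEmail"].lower(), "action": B_ACTIONS.get(e["action"], "other"),
                "country": e["country"], "app": "B",
                "time": datetime.fromtimestamp(e["time"], tz=timezone.utc)} for e in app_b]
    return sorted(events, key=lambda e: e["time"])

def multi_location_logins(events, window=timedelta(hours=1)):
    """Users whose consecutive logins come from different countries within `window`."""
    last, flagged = {}, set()
    for e in (e for e in events if e["action"] == "login"):
        prev = last.get(e["user"])
        if prev and prev["country"] != e["country"] and e["time"] - prev["time"] <= window:
            flagged.add(e["user"])
        last[e["user"]] = e
    return flagged

def download_spikes(events, limit=5, window=timedelta(minutes=10)):
    """Users with more than `limit` downloads inside a sliding `window`."""
    recent, flagged = defaultdict(list), set()
    for e in (e for e in events if e["action"] == "download"):
        times = recent[e["user"]]
        times.append(e["time"])
        while e["time"] - times[0] > window:
            times.pop(0)
        if len(times) > limit:
            flagged.add(e["user"])
    return flagged

EVENTS = normalize(APP_A_LOGS, APP_B_LOGS)

if __name__ == "__main__":
    print(multi_location_logins(EVENTS), download_spikes(EVENTS))
```

Neither application's log alone shows the two-country login pattern; it only appears once both feeds share a user key and a UTC timestamp.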
Security Teams Are Left to Pick Up the Pieces
Security teams are being strained with data plumbing tasks, as somebody has to build the pipes to connect all of the data, normalize it, and make sense of it. They now spend 80% of their time plumbing data, streamlining it to understand it and check compliance boxes, and only 20% of their time analyzing the data and identifying strategies to better secure their environment. Seems like this ratio should be reversed, right?
Most security engineers aren’t specialized in data plumbing or excited to do it. They should instead focus on asking the right operational questions and implementing innovative new strategies to detect malicious activities and protect customer data and the company’s high-value assets.
Departmental Variation in Application Usage Causes Difficulty in Building Comprehensive SaaS Security Strategy
Building a comprehensive security approach that can be used consistently across an organization, departments, and different applications is no easy task.
As business operators vary across departments and have specific goals to achieve, they utilize different applications to enhance productivity. Each application has its own unique capabilities and ways of using data and enabling different employees. Frequently many risk trade-offs are also being considered, and teams are adopting new applications without security teams’ involvement or knowledge.
Security teams need to adapt to these variations and watch for red flags while trying not to disrupt business operations.
How Can Automation & New Technology Developments Help?
New technology, including advances in natural language processing, artificial intelligence, and machine learning, can pave the way to elevating security teams and making them more proactive and innovative when tackling ongoing challenges.
Today’s technology keeps security teams focused on retrospective analysis for incident response rather than anticipating where future fires may arise. Organizations need two teams operating in parallel: one to sort out the known risks from what has happened in the past, and one to predict net new threats.
Innovation in automating the data plumbing aspect of understanding what is happening at any given moment across many different applications is key to giving security teams the ammunition they need to get ahead of attacks and combat malicious behavior. By eliminating the constant need to index, configure, normalize and maintain different data feeds, security teams can focus on learning and understanding their environment and implementing strategies to keep it safe.
As the world is changing at a rapid speed, we need to focus on building solutions that help teams keep up with the change and remain proactive.