In a sense, it is understandable why so much business and consumer coverage of tech security is driven by the latest high-profile breach. After all, good security that works and prevents malware and ransomware attacks does not generate headlines. However, to those of us active in information archiving and cloud security and who understand the blessings and dangers of Software-as-a-Service (SaaS) in the cloud, for example, it sure is maddening.
Software as a service (SaaS) has taken over, and the average enterprise now uses hundreds of unique SaaS applications to accelerate their digital transformation and business velocity. However, while SaaS has fulfilled its growth-enabling potential, most organizations have lost their grip on its consumption and use. IT and security teams can no longer depend on network or endpoint controls to govern application access.
Now that there’s momentum to build security controls into your Software-as-a-Service (SaaS) deployment, here are some actions that organizations can take in order to kickstart a SaaS security program.
Ben Johnson, former NSA and Chief Technology Officer (CTO) of SaaS application security firm Obsidian, has found that businesses around the world are adopting Software as a service (SaaS) apps in droves for collaboration, ease of access to data and business continuity. With this increased adoption comes the inevitable trend of state-sponsored actors merely logging in to steal data rather than having to break in. Here, Johnson talks to Security magazine about security issues associated with SaaS applications.
Meet Brian Soby - he has held security leadership roles at Salesforce and in the financial tech industry. Prior to founding AppOmni, Soby founded a cloud software security consultancy. He served as Director of Security at Taulia and managed all security functions, including product/application security, compliance, physical security, and corporate information security. Before that, he was the Director of Product Security at Salesforce and a Lead Security Engineer at MITRE. Here, we talk to Soby about how organizations can avoid today's biggest challenges with Software as a Service (SaaS).
For years, just about every update of consumer cloud applications would include new features that the user could configure around their personal taste, convenience, and preferred uses. Over time, and with increasing features and capabilities, what had begun as an application’s simple settings was replaced by a proliferation of tabs, cascading drop-down menus, banners, breadcrumbs, hyperlinks, bookmarks, and more, creating a world of choices and individual styles.
Organizations' migration to the cloud is a broad term that encompasses many different trends: (1) Moving existing applications from private data centers to AWS, Azure, or the Google Cloud Platform as cloud service providers (CSPs), often referred to as lift-and-shift or infrastructure-as-a-service (IaaS); (2) Completely restructuring how applications are built to make heavier use of prepackaged services available on these cloud service platforms – often referred to as lift-and-reshape, serverless, or platform-as-a-service (PaaS); (3) Choosing to forgo running copies of standard applications and instead having the application vendor host them, sometimes referred to as drop-and-shop or software-as-a-service (SaaS).
AppOmni released findings of their latest survey highlighting the security concerns of cloud SaaS applications as they become more essential for enabling remote workers.
The number of IT-sanctioned SaaS apps has increased tenfold since 2015, and 76% of those professionals surveyed see unsanctioned apps as a security risk.