SaaS Security: Risks and Mitigation Methods

Written by Dipen Rana and Pooja Patil, TCS

As a pandemic-triggered hybrid work model settles in, many enterprises are moving onto the cloud for better agility and greater efficiency. With the cloud offering subscription-based models and eliminating infrastructure cost, organizations have the flexibility to pay only for the services they use. Cloud is the ideal solution for resiliency and scale. But, despite the advantages of cloud, the threat of data theft looms large over enterprises.

Cyber security solutions need to address the following challenges of SaaS platforms:

• Identity theft is, and will always remain, the biggest concern in cloud security. Form-jacking is on the rise. There is an elevated risk of economic and emotional damages. To protect against identity theft, first, enterprises must be aware of users, their roles and titles, and access privileges to SaaS apps. Secondly, they need to ensure authorized access for both B2B/B2C and internal/external users accordingly. By providing the least privilege rights and ensuring safe access from outside their network, enterprises can control, monitor, and manage user access and prevent malicious identity theft maneuvers. It is also essential to educate users on the disadvantages of common passwords for all applications so that they are not victims of a brute force attack. To summarize, controls that can improve identity and access management are the implementation of single sign-on, the definition of role-based access control, and the enforcement of multi-factor authentication.

• Most of the company’s expenses are unexpected and are directly linked to malware attacks. To prevent data leakages, enterprises must first know where the data is situated, how it is accessed, and how it is shared so that they can prevent cyber-attacks related to data exfiltration and from unauthorized access. It is necessary to identify compromised user accounts on time to prevent malicious data uploads to SaaS applications. Identifying abnormal user activity and preventing intentional/accidental leakage of data through endpoints using threat protection tools are also important methods to counter malware attacks in the cloud.

• Privacy is mandatory for compliance management. If data is not protected, then monetary fines may be imposed. But the pandemic brought upon every organization a rushed adoption of remote work policies, which resulted in gaps and led to data breach proliferation. To prevent leaks, organizations should discover their data across multiple sources and classify it so that necessary permissions can be assigned to access confidential/restricted data to ensure only authorized users can access it. Encryption of data in rest or in transit should be ensured and policy configuration using DLP (Data Loss Prevention) tools must be carried out to control data transfer in and out of the organization to applications and endpoint devices.

• Gaining visibility into modern IT environments is a challenge that most organizations are finding difficult to overcome. As enterprises use multiple SaaS tools, it is difficult to detect their utilization, cost, overlap functionality and unapproved software. Therefore, logging and monitoring are required to ensure visibility of the overall robustness and functionality of applications. Enterprises can also gain deeper insights into activities, situational analysis, and intelligent logs processing. Logging will capture all audit logs so that administrators can investigate the root cause, prepare a report, and sort security events. This will help in learning attacks better and risk mitigation.

• Understanding the shared responsibility of the SaaS delivery model for cloud applications is critical for enterprises to develop an efficient cyber security strategy for SaaS apps in the cloud, since managing these incidents is within the scope of their responsibility. Native investigation and alerting tools such as SIEM and SOAR solutions can help enterprises with updated incident response methods using playbooks. This will enable faster response to alerts. With the help of intelligent analytics and machine learning algorithms, automated responses can be generated to alert and act on incidents.

Conclusion:

SaaS security management and governance are necessary for an enterprise’s cyber defense and should be a key focus area. Data and identity protection and monitoring of applications are important to ensure the right set of security controls are applied and defined. Also, well-defined enterprise processes, security controls, and adherence to compliance requirements can improve the security posture.

Authors’ Profiles:

Dipen Rana has more than 14 years of experience in enterprise security and his primary responsibilities include defining Azure and M365 cloud security strategy, implementing cloud security controls, and guiding and advising on end-to-end cyber security modernization journeys for customers across the globe. He has a bachelor’s degree in computer application and has certifications in CEH, AZ 500, and MS 500.

Pooja Patil is part of the TCS Center of Excellence working primarily in the cloud security domain for various customers in roles such as consulting, advisory, design and implementation of multiple solutions.