What is SaaS?

Benefits of SaaS

• On-demand and scalable resources
  Organizations can purchase additional storage, end-user licenses, and features for their applications on an as-needed basis.
• Fast implementation
  Organizations can subscribe almost instantly to a SaaS application and provision employees, unlike on-premises applications that require more time.
• Easy upgrades and maintenance
  The SaaS provider handles patches and updates, often without the customer being aware of it.
• No infrastructure or staff costs
  Organizations avoid paying for in-house hardware and software licenses with perpetual ownership. They also do not need on-site IT staff to maintain and support the application. This enables even small organizations to use enterprise-level applications that would be costly for them to implement.

SaaS security

SaaS providers handle much of the security for a cloud application. The SaaS provider is responsible for securing the platform, network, applications, operating system, and physical infrastructure. However, providers are not responsible for securing customer data or user access to it. Some providers offer a bare minimum of security, while others offer a wide range of SaaS security options.

Below are SaaS security practices that organizations can adopt to protect data in their SaaS applications.

• Detect rogue services and compromised accounts: Organizations can use tools, such as Cloud Access Security Brokers (CASB) to audit their networks for unauthorized cloud services and compromised accounts.
• Apply identity and access management (IAM): A role-based identity and access management solution can ensure that end users do not gain access to more resources than they require for their jobs. IAM solutions use processes and user access policies to determine what files and applications a particular user can access. An organization can apply role-based permissions to data so that end users will see only the data they’re authorized to view.
• Encrypt cloud data: Data encryption protects both data at rest (in storage) and data in transit between the end user and the cloud or between cloud applications. Government regulations usually require encryption of sensitive data. Sensitive data includes financial information, healthcare data, and personally identifiable information (PII). While a SaaS vendor may provide some type of encryption, an organization can enhance data security by applying its own encryption, such as by implementing a CASB.
• Enforce data loss prevention (DLP): DLP software monitors for sensitive data within SaaS applications or outgoing transmissions of sensitive data and blocks the transmission. DLP software detects and prevents sensitive data from being downloaded to personal devices and blocks malware or hackers from attempting to access and download data.
• Monitor collaborative sharing of data: Collaboration controls can detect granular permissions on files that are shared with other users, including users outside the organization who access the file through a web link. Employees may inadvertently or intentionally share confidential documents through email, team spaces, and cloud storage sites such as Dropbox.
• Check provider’s security: An audit of a SaaS provider can include checks on its compliance with data security and privacy regulations, data encryption policies, employee security practices, cybersecurity protection, and data segregation policies.

SaaS security solutions

Several types of security solutions can help organizations improve SaaS security. The solutions can be implemented separately or together as part of a CASB:

• Data loss prevention (DLP) safeguards intellectual property and protects sensitive data in cloud applications, as well as at endpoints such as laptops. Organizations can define data access policies that DLP enforces.
• Compliance solutions provide controls and reporting capabilities to ensure compliance with government and industry regulations.
• Advanced malware prevention includes technologies such as behavioral analytics and real-time threat intelligence that can help detect and block zero-day attacks and malicious files that may be spread through cloud email and file sharing applications.
• CASBs protect enterprise data and users across all cloud services, including SaaS, PaaS, and IaaS. According to Gartner’s Magic Quadrant for Cloud Access Security Brokers, CASBs detect threats and provide IT departments with greater visibility into data usage and user behavior for cloud services, end users, and devices. CASBs also act immediately to remediate security threats by eliminating security misconfigurations and correcting high-risk user activities applications. CASBs provide a variety of security services, including:
  • Monitoring for unauthorized cloud services
  • Enforcing data security policies including encryption
  • Collecting details about users who access data in cloud services from any device or location
  • Restricting access to cloud services based on the user, device, and application
  • Providing compliance reporting

CASB solutions, which are typically SaaS applications, may provide additional capabilities. These may include:

• File encryption
• Pre-built policy templates to guide IT staff through the process of policy creation
• User entity behavior analytics (UEBA) backed by machine learning
• In-application coaching to help end users learn improved security practices
• Security configuration audits to suggest changes to security settings based on best practices

IT departments can learn to protect their cloud applications and data by following cloud security best practices and implementing effective SaaS security solutions. Cloud security solutions from Skyhigh Security enable organizations to accelerate their business growth by giving them visibility and control over their applications, devices, and data.