SaaS: improving security through application visibility

Moving to SaaS: narrowing the security gap through application visibility

COVID-19 and the rise of remote working have accelerated digital transformation strategies. Organizations across the world quickly shifted to the cloud, and specifically software-as-a-service (SaaS) applications, to maintain team productivity, minimize disruption to business operations and ensure efficiency. And it’s clear to see why. SaaS is cost-effective, low maintenance, and provides ease of access for users at any time, anywhere. Therefore, it’s easy to understand why Gartner predicts SaaS revenue will grow to $140.6 billion by 2022, up from $102.1 billion in 2019. However, for all the benefits of SaaS applications, there is one key challenge that must be addressed for the full potential of these applications to be utilized – the security gaps.

Given how central SaaS applications have become to boosting employee productivity and user experience, businesses must not become complacent when it comes to their security. It simply cannot be assumed that the applications are inherently secure. This is especially true as remote working continues and opens up additional security challenges for businesses to overcome. For example, employees may use their personal devices and turn to SaaS applications outside of corporate control. If businesses fail to address these security gaps, they risk exposing themselves to serious cybersecurity threats such as malware or ransomware attacks. When left undetected, this kind of malicious activity can be hugely damaging to a business’s reputation, financial stability and overall growth.

Let’s explore what exactly is contributing to the security challenges for SaaS applications and why gaining full-fidelity visibility is the key for businesses to overcome them.

The threats from remote working

As lockdowns and COVID-19 restrictions continue throughout Europe, many companies are faced with the ongoing challenge of staff completing work outside of the rigorously controlled corporate network. Namely, employees are choosing to use personal devices or opting out of using business-sanctioned SaaS applications in favor of those that allow them to better accomplish and maintain business processes. For instance, it may take a considerable amount of time for an employee to share files using fileshare over their business VPN. To counteract this, the employee might create a WeTransfer account, unbeknown to the enterprise, and share their files with other colleagues through this. As businesses do not have visibility or control over these unsanctioned applications or personal devices, they are unable to secure them, creating a modern form of “shadow IT” that is leaving the IT team with serious security blind spots. Consequently, it is significantly harder for businesses to establish when individual users have been compromised by nefarious apps, browser extensions, malware or phishing. Such events may result in attackers gaining direct access to the data in the user’s SaaS applications and, by extension, the wider business network.

In addition, as SaaS applications are run by external servers, organizations no longer consider it their responsibility to ensure the data stored within the applications is effectively protected. With this mindset, businesses are failing to put the correct technologies in place that will give them the right level of visibility over their applications and employees. Given that enterprises can only resolve and overcome the security threats they can see, gaining full-fidelity visibility is crucial. Without this, organizations are left in the dark and increasingly vulnerable to external threats, such as phishing attacks, risking long-term reputational damage caused by the loss of sensitive customer data.

Considering it is a matter of when rather than if a business will fall victim to a security compromise, it is imperative that companies harness the power of visibility tools to detect unwelcome threats to SaaS applications. Visibility enables businesses to quickly detect any unwanted security threats, helps mitigate the risk they could pose to the wider enterprise and ultimately enables organizations to reap the benefits of SaaS applications.

Closing the gap

Moving forward, it is vital that businesses address the inherent security flaws for the advantages of SaaS applications to be realized. After all, these applications undeniably drive the efficiency of business operations by improving the productivity of remote employees. Consider collaboration applications such as Slack or Zoom. Both tools have seen usage numbers soar thanks to their ability to keep employees connected. In the last year alone Zoom has boosted its customer base nearly fivefold.

As a first port of call, businesses must carefully review which SaaS applications they want to adopt. When weighing up the options, it is important to keep in mind that the most economical choice is not always the right one. In fact, some of the most popular and affordable video conference applications do not have end-to-end encryption. As a result, organizations can fall victim to eavesdropping or interception on private business calls, with attackers gathering information that can be used to carry out spear phishing campaigns at a later date. To reinforce security and regain control, companies must seriously consider which applications they are deploying and whether they will have visibility over them. In doing so, businesses can reduce the number of security blind spots that SaaS applications create, lessen interruptions for the workforce and sustain smooth business operations.

In relation to cost, businesses also need to pay close attention to how often they switch between applications. Thanks to their easy deployment, companies may feel they can easily save on costs by flexing between SaaS solutions. However, corporate IT teams require time to master how to monitor new systems and understand what normal access patterns and needs look like. As teams get to grips with how new applications operate, they are more likely to miss unusual activity, meaning users are left increasingly vulnerable to security threats such as viruses or trojan malware. It is therefore critical that businesses reduce the number of times they jump to new applications in the hope of cutting costs. This will help to minimize security threats going undetected and ultimately help close the security gap SaaS applications open up.

Staying secure through data and visibility

Assessing which applications to adopt and reviewing how often changes are made are good first steps. However, they are only half the story in overcoming the security challenges. To truly narrow the security gap, businesses must also collect and record as much data from throughout the virtual enterprise as possible. This includes monitoring users’ laptops, their application logins and the traditional network border. By doing so, enterprises will be in a far better position to identify sabotage, espionage or compromise.

Additionally, armed with this insight, enterprises can also spot any performance issues within SaaS applications that could be hindering employee productivity and business operations. This is where dual security and performance solutions, such as network performance management tools, play a key role. With these systems in place, businesses can achieve full visibility over SaaS applications, analyze the data collected and pinpoint any red-flag activity. In turn, companies can quickly rectify any problems to ensure applications and employees are operating efficiently and securely.

Gaining visibility and getting a handle on security

With remote working here to stay, so too are SaaS applications. It is therefore crucial that organizations acknowledge the responsibility they have to secure them and to adopt the right technology to support this. A key part of this approach will be investing in solutions that give full-fidelity visibility over applications and enable IT teams to narrow the security gaps within the enterprise. Equipped with network performance management tools, businesses can operate with the assurance that they are able to quickly detect and resolve security threats. In doing so, they can successfully drive employee productivity, maintain smooth operations and ultimately keep business growth on track, regardless of what 2021 has in store.

  • Gary Duggan, Vice President Technology Solutions, EMEA, at Riverbed Technology.
