Enhancing SaaS app security: Best practices for cloud protection


Modern technology is constantly evolving to meet the needs and demands of the business world, which requires efficiency, collaboration, and security at all times. While Software as a Service (SaaS) applications have played a critical role in productivity and collaboration, the advantages of cloud computing have further enhanced the user experience. However, the cloud has also presented organizations with many new security challenges. As a result, organizations are obligated to prioritize protecting their most sensitive information in the cloud against a multitude of security threats, but this isn't without its difficulties.

The lack of a clearly defined boundary adds a layer of complexity to cloud application security. The trend toward hybrid working and multi-cloud environments has broken that boundary down, removing all the oversight and control that security teams previously had when individuals worked from one location. As a result, the traditional security tools used historically are now effectively obsolete and unable to handle these new challenges.

To address the issue at large, some organizations have chosen to use a Cloud Access Security Broker (CASB) to reduce cloud security risks. While this is certainly advisable, organizations must understand that choosing the right CASB for their environment is an equally important task. Ideally, organizations should follow recommended best practices to safeguard data within SaaS applications.

Sundaram Lakshmanan

CTO at Lookout.

Guidance no.1: Gain an understanding of the cloud ecosystem

The cloud landscape has changed dramatically in recent years and is continuously evolving. A decade ago, businesses used only a small number of cloud applications. Today, modern enterprises use hundreds of cloud apps, necessitating a CASB product that can enforce policies across the network. Yet, to protect effectively against cloud-based threats, organizations must take the time to understand the landscape of their cloud environments. While SaaS applications are typically in the spotlight, it is equally important to identify how data storage solutions such as Amazon Web Services and Google Cloud Platform are being used. For this reason, the CASB solution should be able to extend protection to these repositories.

The news cycle is regularly filled with data breaches or leaks from cloud apps and data repositories caused by misconfigurations. Therefore, the CASB should also be able to identify and remediate these misconfigurations so that the organization's security standards are met.

Guidance no.2: Do you have extended visibility?

Cybercriminals can take many avenues to threaten sensitive data, especially as they are not confined to SaaS apps alone. In the modern age of remote and hybrid working, threat actors will look to leverage the various unmanaged devices and apps that employees, partners and contractors use to access corporate data.

When deciding on a CASB solution for the organization, check that it can detect data exchanges in unsanctioned cloud apps, unmanaged devices, and email platforms. All three are valuable in promoting hybrid working and collaboration, but they also present some of the biggest data security risks. Ultimately, the CASB solution must give the organization clear visibility into users, apps and devices and how they are interacting with the data on the network.

Guidance no.3: Embrace adaptive access

As a golden rule, cloud security should never impede productivity; instead, it should act as an enabler. Traditional access management solutions commonly compromised on sensitive data protection to enable seamless access. Typically, access is granted to any user who has the appropriate credentials, without considering whether the account is compromised or the danger of insider threats. This method is highly risky and should be avoided at all costs. Instead, organizations should deploy a CASB solution that can intelligently determine who requires access, as this will strike a balance between security and productivity. Additionally, following an adaptive Zero-Trust approach to access controls will grant access based on several factors, including the device's security and user and entity behavior analytics (UEBA). This advanced level of access security will continuously assess the risk levels before determining whether access should be granted.
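The adaptive decision described above, sketched as an added example that is not from the article or from any CASB product. The field names, weights and thresholds are assumptions chosen for illustration; the point is that valid credentials are only the first check and that the same session is re-scored on every request.

```python
from dataclasses import dataclass

# All field names, weights and thresholds below are illustrative assumptions,
# not values taken from any CASB product.
@dataclass(frozen=True)
class AccessContext:
    credentials_valid: bool   # password/SSO check passed
    device_managed: bool      # enrolled in corporate device management
    device_healthy: bool      # patched OS, no known compromise indicators
    ueba_anomaly: float       # 0.0 (normal behaviour) .. 1.0 (highly unusual)
    data_sensitivity: int     # 0 public, 1 internal, 2 confidential

def risk_score(ctx: AccessContext) -> float:
    """Combine device posture and behaviour signals into a 0..1 score."""
    score = 0.5 * ctx.ueba_anomaly
    if not ctx.device_managed:
        score += 0.2
    if not ctx.device_healthy:
        score += 0.3
    return min(score, 1.0)

def decide(ctx: AccessContext) -> str:
    """Return 'deny', 'step_up', 'view_only' or 'allow' for one request."""
    if not ctx.credentials_valid:
        return "deny"
    score = risk_score(ctx)
    # The tolerated risk shrinks as the data becomes more sensitive.
    limit = {0: 0.8, 1: 0.6, 2: 0.4}[ctx.data_sensitivity]
    if score >= limit + 0.3:
        return "deny"
    if score >= limit:
        return "step_up"      # require re-authentication before continuing
    if not ctx.device_managed and ctx.data_sensitivity >= 1:
        return "view_only"    # access without download on unmanaged devices
    return "allow"

def evaluate_session(events):
    """Re-evaluate on every request so a session can be downgraded mid-way."""
    return [decide(ctx) for ctx in events]

# Constructed sample session: same valid credentials, changing context.
SESSION = [
    AccessContext(True, True, True, 0.1, 2),    # normal work, managed laptop
    AccessContext(True, False, True, 0.1, 2),   # same user, personal device
    AccessContext(True, True, True, 0.9, 2),    # unusual behaviour (UEBA spike)
    AccessContext(True, False, False, 0.9, 2),  # unhealthy device plus anomaly
]
```

Calling `evaluate_session(SESSION)` shows the same credentials producing four different outcomes as the device and behaviour signals change.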

Guidance no.4: Proactive data protection

The mindset towards cloud application security is still very much reactive and, unfortunately, most organizations only make security a priority after an incident happens. Data is the most critical asset a business owns, so safeguarding it against cloud security threats should remain a top priority. Without data, businesses cannot operate efficiently, nor can they provide the necessary service to their customers, which is why it is often described as the lifeblood. Therefore, organizations must take a proactive approach to securing sensitive data within the CASB via data loss prevention (DLP). With this tool, the CASB can enforce policies that ensure data security standards are being met without impacting the productivity of the workforce. Furthermore, a data-centric approach can incorporate measures such as redacting or masking sensitive information within a file, watermarking documents or disabling downloads, which is more progressive than automatically denying access to documents. Additionally, it is vital for security teams to be able to protect sensitive data as it extends to unmanaged applications and devices. Enterprise digital rights management (EDRM) can be employed to automatically encrypt data when it transfers outside the company, ensuring sensitive information remains protected even beyond your control.
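A data-centric control of the kind described above, as an added example that is not from the article or any vendor's product. It masks payment card numbers and picks watermarking or redaction with downloads disabled instead of a blanket deny; the function names, the action labels and the choice of card numbers as the sensitive pattern are assumptions.

```python
import re

# Candidate card numbers: 13-19 digits, optionally split by spaces or hyphens.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_valid(digits: str) -> bool:
    """Luhn checksum, used to cut false positives such as order numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def redact_cards(text: str):
    """Mask Luhn-valid card numbers, keeping only the last four digits."""
    hits = 0
    def mask(match):
        nonlocal hits
        digits = re.sub(r"\D", "", match.group())
        if not luhn_valid(digits):
            return match.group()        # not a card number: leave untouched
        hits += 1
        return "*" * (len(digits) - 4) + digits[-4:]
    return CARD_RE.sub(mask, text), hits

def protect(text: str, device_managed: bool) -> dict:
    """Choose a graduated control (hypothetical labels) rather than deny."""
    redacted, hits = redact_cards(text)
    if hits == 0:
        return {"action": "allow", "content": text, "download": True}
    if device_managed:
        # Full content stays available; the enforcement point adds the watermark.
        return {"action": "watermark", "content": text, "download": True}
    # Unmanaged device: show the masked copy and block downloads.
    return {"action": "redact", "content": redacted, "download": False}

# Constructed sample; 4111 1111 1111 1111 is a widely used test card number.
SAMPLE = "Refund to card 4111 1111 1111 1111, order ref 1234567890123456."
```

The order reference in the sample has 16 digits but fails the Luhn check, so it is left intact while the card number is masked.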

As the rate of cloud adoption continues to increase across the business world, threats against cloud technology and the sensitive information that resides within it will become more prevalent. Given the multiple data security and privacy regulations that are being enforced, organizations and security teams have a duty and responsibility to ensure data is being adequately protected. Failure to do so will be considered an act of negligence that is punishable by hefty fines and penalties. Given that today's data is digital and moves without boundaries, it's time organizations took a proactive stance and deployed security that moves with it. Investing in a suitable CASB solution is a step in the right direction and will help organizations protect data while reducing costs, boosting productivity, ensuring regulatory compliance, providing visibility and flexibility, and reducing the risk of unauthorized usage or access.


This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
