Cloud applications enlarge productivity. But when it comes to protecting your organization against cyberattacks, they also represent a significant and growing risk.
Your data is in more places than ever. It lives in authoritative on-premises and cloud data stores. online collaboration platforms like Microsoft 365, and – software-as-a-service (SaaS) applications like Salesforce.
This digital transformation means that traditional security- is focused on strengthening perimeter defences and protecting endpoints . Those can dangerously reveal your business. When hundreds or thousands of devices access corporate data from virtually anywhere. Then your perimeter is harder to define and harder to observe. If a cyberattack hits your business, an attacker could use a single endpoint as a gateway to access large amounts of corporate data.
Businesses depend on lots of SaaS applications. These applications can house some of your organization’s most valuable data. Unfortunately, gaining visibility on these apps can be difficult. As a result, we find that various types of risk are accumulating faster than leaders often realize.
Three SaaS Security Risks
Unprotected sensitive data
SaaS applications make collaboration faster and easier by empowering end-users. They can share data with other workers and external business partners without help from IT. With productivity gains, unfortunately, there is an increase in risk and complexity.
On average, employees can access millions of files that are not relevant to their work. The damage an attacker could do by using one person’s agreed credentials, without doing anything out of the ordinary, is huge.
With cloud apps and services, the provider protects the basic structure of the app, but data protection is up to you. Most organizations can’t tell you where your sensitive data is. Therefore, SaaS applications become a problematic blind spot for CISOs.
Let’s see an example. Salesforce contains critical data, from customer lists to pricing information to sales opportunities. It’s a gold mine for attackers. Salesforce does a lot to protect its software, but ultimately it’s the customer’s responsibility to protect the data that resides there. Most companies wouldn’t know if someone accessed an unusual number of account records before leaving to work for a competitor.
Cloud Defect
SaaS providers add new functionality to their applications all the time. With so much new functionality, administrators have a lot to keep up with and many settings to learn about. If your configurations aren’t perfect, however, you can open your applications – and data – to risk. And not just to anyone in your organization but to anyone on the internet.
All it takes is a misconfiguration to expose sensitive data. As the CEO of a company that helped businesses identify misconfigured Salesforce communities (websites that allow Salesforce customers to connect and collaborate with their partners and customers). I have seen first-hand how, if not set up properly, these communities can also allow malicious actors to access customer lists, support cases, email addresses from employees, and more sensitive information.
App Associated risk
SaaS applications are more valuable when associated. For example, many organizations connect Salesforce to their email and calendar system to automatically record meetings and customer communications. Application programming interfaces (APIs) allow SaaS applications to connect and access information from each other.
Though APIs help companies to fulfil more values from their SaaS applications, they also increase risk. If an attacker manages to gain access to a service. They can use these APIs to move laterally and access other cloud services.
Evaluating Productivity And Security In The Cloud
When it comes to cloud apps and services, you have to balance the tension between productivity and security. Think of it as a vast, interconnected attack surface that can be colluded on in new ways. The perimeter we used to defend is gone. Terminals are access points.
Now consider what you are up against. Cybercrime, whether from malicious insiders or external actors, is everywhere. If you keep sensitive data, someone wants to steal it. Method created by state actors have spilled over into the criminal realm, and cryptocurrency continues to motivate attackers to hold data for ransom.
Cloud Performances
Defending against attacks on your data in the cloud requires a different approach. It’s time for cybersecurity to relentlessly focus on data protection.
Data protection starts with understanding your digital assets and knowing what is important. I’ve come across large companies that assume 5-10% of their data is critical. However, when ransomware arrives, one way or another, everything becomes critical and, often, they end up paying.
An attacker’s job is much easier if he only needs to compromise one account to access your sensitive data. Do your best to limit access to important and sensitive data so employees can only access what they need to do their job. It’s one of the best defences, if not the best, against data-driven attacks like ransomware.
Attackers are more likely to raise alarms if they have to jump through more hurdles to access sensitive data. So When you locked down critical data, monitor and profile usage so you can report and investigate it quickly.
If you can’t see the risk of your data in the cloud or know when an attack might be in progress, you’re flying blind.
If you can find and lock down important data in cloud applications. Monitor how it’s used, and detect abuse, you can answer most of the problem.
It’s the zero-trust snippet: restrict and control access because no account or device should be completely trusted, no matter where they are or who they claim to be. This makes even more sense in the cloud, where users and devices, each a gateway to your critical information, are everywhere.
