When the The White House warned all companies Being on high alert for cyberattacks earlier this year was a wake-up call for many. While these types of warnings are often directed at government agencies or even critical infrastructure companies, a blanket warning is unusual.
All organizations should take this warning as an opportunity to review and, if necessary, improve their security. Security for software as a service (SaaS) applications is often a blind spot, so pay more attention to your SaaS ecosystem. SaaS is ubiquitous, highly configurable, and continually updated, leaving many organizations vulnerable if they aren’t closely monitoring security breaches and changes.
Continuous monitoring is key to keeping up with SaaS changes, but that’s not all you’ll need to gain better visibility into your SaaS security. Follow these seven steps to implement enhanced security measures that will help minimize the risk of a breach:
1. Close critical configuration gaps. Some 55% of companies have sensitive data exposed to the internet, and misconfiguration is often to blame. The configurability that makes SaaS applications so powerful is also a weakness if not closely monitored. Get better visibility into your SaaS platform configurations, starting with those that host the most sensitive data and have the most users. Consult better practices of the Cloud Security Alliance and other experts and close those configuration gaps.
2. Disable legacy authentication methods and protocols. Most compromised login attempts come from legacy authentication, which doesn’t support multi-factor authentication (MFA). Even if you have an MFA policy enabled on your directory, a bad actor can still authenticate using a legacy protocol and bypass MFA. The best way to protect your environment from malicious authentication requests made by legacy protocols is to block these attempts entirely.
3. Apply stronger authentication requirements. an account is 99.9% less likely to be compromised if you use MFA.
4. Analyze and monitor conditional access rules. Attackers often modify conditional access rules to further open access permissions or implement exception rules. Since these rules can be nested and complex, it is important to validate the rules and enable continuous monitoring. Keep an eye out for any IP block changes and exceptions.
5. Assess third party access. Third-party apps and integrations are often installed with high-level permissions and can be conduits for horizontal privilege escalation to other SaaS systems. Verify that access and third-party applications have been reviewed, approved, and are in active use. To reduce the risk of third-party compromise, grant permissions and data access to third-party apps following the principle of least privilege, and remove access as soon as it is no longer needed.
6. Identify access permissions to public and anonymous data. Least privilege access gives you better protection as ransomware attacks proliferate and toolsets to execute attacks become more widely distributed. Data access modeling and third-party application analytics can help identify points of exposure to the public Internet, allowing you to better protect all data sets.
7. Monitor for abnormal user activity. Be on the lookout for password spread and excessive failures. Monitor compromised accounts in threat intelligence feeds. The faster you can detect unusual activity, the faster and better you can respond and limit damage.
SaaS applications perform business-critical functions in many organizations, and SaaS security should be considered as critical as the security measures put in place for other technologies. Continuous monitoring of your SaaS ecosystem, dealing with misconfigurations quickly, and policing third-party access to your systems can help keep your data secure and your business running smoothly.