SaaS applications are a fundamental part of modern businesses, providing efficient automation and streamlining operations. As reliance on these applications grows, so does the risk of cyber attacks and data breaches. The democratization of SaaS, the practice of employees onboarding new services without IT involvement, has led to a large increase in the number of SaaS services in organizations and to an exponential increase in the number of connections between services such as Slack, SFDC, Google Workspace, GitHub and many more.
This phenomenon makes understanding an organization’s SaaS ecosystem much harder, let alone trying to protect it.
Understanding the Risks of SaaS Ecosystems
It’s very likely you depend on external SaaS platforms to run your business. While these are great for productivity, they create a wide range of potential vulnerabilities, from data exfiltration to phishing to the use of non-compliant apps or services. High-profile organizations like Uber, Okta, HubSpot and DoorDash suffered third-party breaches involving SaaS services in use in the organization.
According to Gartner, the increasing adoption of SaaS has led to blind spots and control gaps in ever-more critical applications – for example, one third of all API tokens in an organization are stale. This means the security team needs visibility into all installed services and users in the organization, which SaaS services they are using and what data is shared between them. Understanding how different services communicate with each other, how users interact and what data is flowing inside the ecosystem is key to ensuring the security of data and preventing supply chain attacks.
Securing Your SaaS Ecosystem As Fast As It Evolves Is No Longer Possible By Humans Alone
While there are tools that focus specifically on individual services or users within the SaaS ecosystem, taking a holistic approach is critical to effectively managing the growth of third-party risk. An automated tool makes it easier and more effective to detect anomalies that could indicate a security threat. By looking at all parts of a modern SaaS ecosystem, namely services, users, data and connections, organizations can develop a better understanding of what normal and expected behavior looks like, analyze how data moves through SaaS services and identify patterns. Onboarding a tool that does this automatically reduces the burden of mundane tasks on the IT team, allowing them to focus on high-priority threats.
By creating a clear SaaS connectivity map, the IT team can get instant insights across the entire SaaS ecosystem and take action to remediate security gaps: revoking stale or misbehaving tokens, getting alerts on actual and potential compliance issues, enforcing policy and automating other SaaS security hygiene tasks.
Organizations could leverage machine learning mechanisms that baseline SaaS-to-SaaS behavior norms and alert on anomalies. Anomalous behavior could be a sign of unauthorized access by attackers attempting to reach sensitive data. Here is an example: an employee installs an app on Slack, and the app remains installed unless someone removes it. Even if the employee then leaves the organization, the app may continue to work as before. Because the app outlives the employee who installed it, the chances of manual processes finding a misbehaving app are significantly reduced, even if that app gathers sensitive information from Slack channels. Automated tools can alert on this app joining new channels or being accessed from new locations and stop attackers before any real damage is done.
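The detections described above (an app joining channels or appearing from locations outside its learned baseline, an app whose installer has left the organization, and the stale tokens mentioned earlier) as an added example, not code from the original post or from Atmosec. The events, app names, users and thresholds are all constructed; real audit feeds (Slack or otherwise) have their own field names.

```python
from datetime import datetime, timedelta

# Constructed sample events from a hypothetical SaaS audit feed (not real Slack data):
# each time an installed app used its token, against which channel and from which country.
EVENTS = [
    {"ts": "2024-03-01T09:00:00", "app": "notes-bot", "installer": "alice", "channel": "eng", "country": "US"},
    {"ts": "2024-03-02T09:05:00", "app": "notes-bot", "installer": "alice", "channel": "eng", "country": "US"},
    {"ts": "2024-03-03T10:00:00", "app": "notes-bot", "installer": "alice", "channel": "design", "country": "US"},
    {"ts": "2024-03-20T02:00:00", "app": "notes-bot", "installer": "alice", "channel": "finance", "country": "RO"},
    {"ts": "2024-01-05T09:00:00", "app": "old-sync", "installer": "bob", "channel": "ops", "country": "US"},
]
DEACTIVATED_USERS = {"bob"}   # constructed: installer who has since left the organization
BASELINE_DAYS = 14            # learning window per app, counted from its first observed event
STALE_DAYS = 60               # a token unused for this long is flagged for revocation

def build_baseline(events, window_days=BASELINE_DAYS):
    """Per app: the channels and countries seen during its first window_days of activity."""
    first_seen, baseline = {}, {}
    for e in sorted(events, key=lambda e: e["ts"]):
        t = datetime.fromisoformat(e["ts"])
        first_seen.setdefault(e["app"], t)
        if t - first_seen[e["app"]] <= timedelta(days=window_days):
            b = baseline.setdefault(e["app"], {"channels": set(), "countries": set()})
            b["channels"].add(e["channel"])
            b["countries"].add(e["country"])
    return baseline

def detect(events, now_iso, deactivated=DEACTIVATED_USERS):
    """Return sorted (app, finding, detail) tuples: baseline deviations, orphaned apps, stale tokens."""
    now = datetime.fromisoformat(now_iso)
    baseline = build_baseline(events)
    findings, last_seen = set(), {}
    for e in events:
        t = datetime.fromisoformat(e["ts"])
        last_seen[e["app"]] = max(last_seen.get(e["app"], t), t)
        b = baseline[e["app"]]  # every app has a baseline: its first event is inside the window
        if e["channel"] not in b["channels"]:
            findings.add((e["app"], "new_channel", e["channel"]))
        if e["country"] not in b["countries"]:
            findings.add((e["app"], "new_location", e["country"]))
        if e["installer"] in deactivated:
            findings.add((e["app"], "orphaned_app", e["installer"]))
    for app, t in last_seen.items():  # stale tokens: no activity at all for STALE_DAYS
        if now - t > timedelta(days=STALE_DAYS):
            findings.add((app, "stale_token", f"last used {t.date()}"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in detect(EVENTS, "2024-03-21T00:00:00"):
        print(*finding)
```

Run against the constructed feed, the 20 March event trips both the new-channel and new-location checks for notes-bot, while old-sync is reported as orphaned (installer deactivated) and as holding a stale token.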
The Shadow, The Personal, And The Unused
Aside from the risks associated with known SaaS services, there are also other potential risks to consider. These include shadow SaaS, personal apps in the corporate environment, and unused services.
Shadow SaaS refers to the use of unsanctioned SaaS applications by employees, which bypass IT approval processes. This can lead to an increased risk of data breaches, as these applications may not be secure or comply with the organization’s security policies.
Personal apps in the corporate environment pose similar risks. Employees may use personal applications for work purposes, which can lead to unauthorized access to sensitive information and potential data leakage. Additionally, these applications may not be updated regularly, leaving them vulnerable to security threats. SaaS services that are no longer being used by an organization may also pose a risk, since they may still store sensitive information which, when targeted by cybercriminals, can be leveraged for malicious purposes. To mitigate this risk, organizations should regularly review their SaaS subscriptions and remove any unused services or data that is no longer necessary.
In conclusion, securing your SaaS ecosystem is more critical than ever before. It is essential to have a comprehensive understanding of all the services, users, data, and connections in the ecosystem to ensure data safety and prevent potential supply chain attacks. Adopting a holistic approach, leveraging machine learning, and implementing a Zero Trust strategy that expands beyond user accounts to service accounts and API keys are all crucial steps to mitigate the risks associated with SaaS. By incorporating these best practices, organizations can stay ahead of cyber threats and maintain a secure SaaS ecosystem that supports their business operations.
About the Author
Aner is the co-founder and CEO of Atmosec. A cybersecurity leader with the heart of an engineer who loves the challenge of finding simple solutions for complex problems. At Atmosec, Aner is dedicated to helping growing companies secure the adoption, usage and management of an unlimited number of business applications across their organization, with unparalleled visibility and confidence.