SaaS Security Management: A CISO Guide | Part I
Chief Information Security Officers (CISOs) have no shortage of security-related concerns today. The threat landscape for all businesses worldwide is growing, and the risks are becoming more ominous. CISOs who oversee security for large enterprise environments with 1000+ users are juggling many considerations as they invest in technology solutions and leverage various cloud technologies to empower their workforce.
These considerations include managing multiple users, changing user groups, and controlling & securing access to multiple business-critical SaaS applications. This first in a series of CISO guides will explore the need for threat management and automated solutions for securing SaaS data.
SaaS Security Challenges
The modern organization today has a much different technology landscape than the business of a decade ago. Companies today are using cloud technologies in the form of cloud Software-as-a-Service applications to empower end-users to be productive, no matter where they are located, what platform they are using, or which network they are using for connectivity.
Cloud Software-as-a-Service platforms such as Google Workspace and Microsoft 365 have revolutionized the collaboration and productivity tools that modern organizations can give the distributed workforce to remain productive. The past year with the COVID-19 pandemic has demonstrated the power of cloud applications to allow remote users to stay productive despite diverse work environments.
The trend of “lift and shifting” applications to the cloud shows no signs of slowing down anytime soon as business leaders see the value of cloud-native applications and tools. Cloud SaaS applications provide unmatched agility and a model of spending that aligns well with modern fiscal objectives – OpEx instead of CapEx.
The growing threat landscape of SaaS Applications
While there are many tremendous advantages to leveraging the power of cloud SaaS applications, organizations have to be alert to the growing threat landscape and the lack of native tooling to help ensure their data is protected and backed up properly. Ransomware is arguably one of the greatest modern threats to business-critical data. Attackers and cybercriminals are increasingly using ransomware to target cloud environments. Note the following:
- In 2021, a ransomware attack will hit a business every 11 seconds
- The cost of ransomware attacks in 2021 will reach $20 billion
- 73% of ransomware attacks in 2020 were successful
Many organizations have a regimen of security processes, procedures, and technology solutions for on-premises environments. These were fairly effective when data, services, and clients all existed on-premises. However, now that business-critical data and applications are located in hybrid configurations that stretch to the cloud, traditional cybersecurity solutions are ineffective in protecting data in the cloud. As mentioned, data, services, and clients are no longer in one “nice, neat bundle” located in a single environment. They are now spread across numerous networks and locations as end-users access cloud SaaS environments.
The new majority-remote workforce has opened up new challenges for businesses supporting business continuity and using cloud SaaS resources. As an example of how the remote workforce has caused a cybersecurity conundrum for organizations, on May 7th, 2021, Colonial Pipeline was hit with a ransomware attack from a criminal hacker group known as “DarkSide.” The attack caused the company to shut down critical systems and infrastructure and resulted in a gasoline shortage across the United States.
Eric Cole, who authored the book Cyber Crisis and has his own cybersecurity company, Secure Anchor, said the situation with the Colonial Pipeline ransomware attack was directly related to the COVID-19 pandemic. The infrastructure changes made to allow remote workers to carry out business-critical tasks for Colonial evidently led to the compromise, resulting in significant disruption for millions across the country.
Rethinking SaaS threat management
With the threat landscape ever-changing and organizations today dealing with tremendous cybersecurity challenges, businesses, with CISOs at the helm, must rethink their SaaS threat management strategies. It is no longer good enough to have a firewall protecting the perimeter, run signature-based virus scan tools on all your clients, and feel confident about your security posture. Cloud SaaS cybersecurity threats are evolving and allowing cybercriminals to compromise business-critical data using new attack vectors. These include third-party applications in cloud SaaS environments, OAuth compromise, and file synchronization, which can quickly introduce ransomware into the environment.
CISOs play an increasingly important role in protecting valuable business-critical assets that directly impact the ability of businesses to carry out daily operations. As shown in the Colonial Pipeline attack, today’s businesses are critically dependent on technology for business operations. Business leaders and CISOs must rethink traditional cybersecurity threat management processes and solutions and shift to a more modern approach. This shift involves using solutions that are “cloud-aware” and can protect business-critical data in cloud SaaS environments.
SaaS Security automation
A significant shift in the way businesses are securing their environments from a cybersecurity perspective is the use of security automation. In a report from Cisco, Steve Martino, Senior Vice President and Chief Information Security Officer at Cisco, said:
“As organizations increasingly embrace digital transformation, CISOs are placing a higher priority in adopting new security technologies to reduce exposure against malicious actors and threats. Often, many of these solutions don’t integrate, creating substantial complexity in managing their security environment. To address this issue, security professionals will continue the steady movement towards vendor consolidation, while increasing reliance on cloud security and automation to strengthen their security posture and reduce the risk of breaches.”
SaaS Security Posture Management (SSPM)
Security automation allows organizations to strengthen their security posture. It is encompassed in a new type of methodology organizations use to bolster their cybersecurity stance: SaaS Security Posture Management (SSPM). SSPM is a new security methodology that is part of a broader term coined by Gartner, Cloud Security Posture Management (CSPM). A SaaS Security Posture Management platform is a next-generation automated tool that gives security teams visibility into and management of the security posture of SaaS environments.
Gartner defines SSPM as:
“…tools that continuously assess the security risk and manage SaaS applications’ security posture. Core capabilities include reporting native SaaS security settings’ configuration and offering suggestions for improved configuration to reduce risk. Optional capabilities include comparison against industry frameworks and automatic adjustment and reconfiguration.”
The legacy tools of traditional on-premises environments and all-manual, human-driven efforts are no longer feasible for fighting against modern ransomware and cybersecurity threats in the cloud. Security automation as part of SSPM relies on automated, computer-driven processes for many day-to-day security operations (SecOps) tasks such as threat detection and threat remediation. Computers are much more adept at recognizing anomalies and patterns in the environment that may indicate a cybersecurity threat or data breach. This computer-driven automation uses artificial intelligence (AI) and machine learning (ML), which use advanced algorithms to detect these anomalies.
The importance of a proactive SaaS security posture
It is becoming increasingly important that businesses react quickly to any hint of ransomware or a data breach in the environment. Each passing second, minute, and day leads to further damage to business-critical data, customer confidence, and your business’s overall ability to recover. According to the IBM Cost of a Data Breach Report 2020:
“On average, companies in the 2020 study required 207 days to identify and 73 days to contain a breach in 2019, combining for an average “lifecycle” of 280 days.”
Modern ransomware variants are also combining the threat of data leak with the existing threat of data encryption. In other words, if you don’t pay the ransom, the attackers release your sensitive business data to the Internet. A recent article from HelpNetSecurity noted, “the vast majority of ransomware attacks now include the theft of corporate data….”
As CISOs develop a cybersecurity strategy moving forward with cloud SaaS technologies, they should keep in mind that reacting quickly to a threat in the environment gives attackers much less time to damage your data and exfiltrate it to the Internet. It also means that you can potentially cut down exponentially the amount of data to restore if you have to employ backups to recover data. This fact comes into play when considering that major cloud SaaS vendors are throttling API calls to the backend SaaS systems. A ransomware infection allowed to affect vast amounts of data will undoubtedly trigger API limitations during data recovery.
Businesses can no longer afford to be reactive with their security posture. They have to be offensive and proactive to stay ahead of the evolving threat landscape. As CISOs and business leaders plan the cybersecurity strategies of the coming months and years, they need to look to bolster their cybersecurity initiatives with a proactive security posture utilizing security automation.
Overview of SpinOne SaaS Security Posture Management Platform (SSPM)
In this section and the parts to follow, let’s see how the SpinOne SaaS Security Posture Management (SSPM) Platform allows businesses of all sizes, including enterprise organizations with 1000+ users, to meet current and future cybersecurity challenges head-on. The SpinOne SSPM uses artificial intelligence (AI) and machine learning (ML) to improve the overall security stance of your organization. It has been engineered with modern cloud SaaS environments in mind to help alleviate the complexities and challenges of protecting business-critical data from current cybersecurity threats.
It makes it simple for SecOps and SaaSOps teams to manage and protect SaaS data properly.
SpinOne SaaS Security Management Platform Features
- Artificial intelligence-powered cloud ransomware detection
- AI-based ransomware recognition and risk management
- Risky application scoring for third-party applications
- Domain audit
- Flawless cloud backup and restore
SpinOne’s proactive ransomware protection is arguably the best on the market against modern cloud-aware ransomware variants in the wild. It uses an intelligent, automated response mechanism, including the following:
- Monitor – 24/7 SaaS data monitoring
- Detect – Proactive AI-based crypto-behavior
- Stop – Identify the malicious source of a ransomware attack, revoke its API access, stop the attack and prevent encryption of other files or messages in the cloud
- Recover – Identify the number of encrypted files and perform a granular restore from the last successfully backed up version
In the next part of the CISO SaaS security guide, we will take a much closer look at how SpinOne allows your organization to have a much stronger security posture. We will see how the features and capabilities SpinOne provides effectively offer the automated tools needed to meet the challenges of today’s cybersecurity landscape for both small and large organizations.