Hear from CIOs, CTOs, and other C-level and senior execs on data and AI strategies at the Future of Work Summit this January 12, 2022. Learn more
This article was contributed by Thomas Donnelly, chief information officer of BetterCloud.
Despite massive cybersecurity investments, SaaS security remains a major enterprise challenge. One reason is the tremendous growth in SaaS adoption. According to research we recently conducted, organizations use an average of 110 SaaS apps, representing a nearly a 7x increase in SaaS app usage since 2017, and almost a 14x increase since 2015. SaaS security automation could help to solve current security issues.
But it’s not just SaaS growth that overwhelms security. The use of shadow applications continues to plague most organizations. Nearly three-quarters of IT pros worry about unsanctioned SaaS applications, just to paint the picture.
SaaS growth has broadened attack surfaces, which has also created more opportunities for data breaches. Alarmingly, we’ve seen a 20-fold jump in the number of files containing PII created at companies using SaaS applications. Attackers are well aware of this and are getting better and better at finding the back door — whether it is an infrastructure vulnerability or an unintentional misconfiguration.
But continuing to pile onto your security stack to solve the problem can be counterproductive. Enterprises have too many security tools. These often conflict or gradually drift out of configuration, and coverage gaps emerge.
The answer? It’s certainly not having a bigger SOC with more bodies to manually manage user permissions, files shared, configurations, etc. — that’s a recipe for more mistakes. SaaS security needs to find a way to “heal itself” — to detect vulnerabilities, remediate them, and then check them automatically. This cycle of Detect→ Fix→ Verify requires automation. It also requires that multiple platforms work together.
SaaS security: Automation and visibility
The big challenge in SaaS security is visibility. Our research shows that the number of applications a company uses is twice as much as what they thought.
And that’s just the applications. Most security teams cannot handle the day-to-day management of access privileges of thousands users across hundreds SaaS applications without overlooking something. And if they find any issues — thousands of exposed files with confidential information — they can’t control them.
SaaS applications are conceived and built for collaboration and sharing data. That’s critical for employee and business productivity. But sensitive information flows through these apps, and employees can often make mistakes, like leaving files open to the public without knowing it. Bad actors are well aware most employees are not security pros — and they prey on that.
A lack of standardized onboarding/offboarding processes are also open doors for hackers. If employees and contractors are not offboarded automatically when they depart, they often retain access to sensitive files with sensitive data.
Once IT solves the visibility challenge and starts on automation, there can be serious progress toward “self-healing security” — which implies security that gets progressively better, instead of degrading constantly.
Self-healing SaaS security: Piecing the puzzle together
But how does self-healing security actually work? It takes a group of platforms that work together, with significant automation, to make it fast and accurate. These platforms address visibility across SaaS applications, management of files and users, and automated “red team” testing to find security gaps and prioritize them. They then orchestrate remediation and validate that the fixes are effective. Without commenting on specific products, some industry ecosystems already integrate platforms to at least partially address this cycle of Visualize→ Detect→ Prioritize fixes→Automated remediation→Validation of “healing.”
Depending on the issue, much of the response can be automated. One example: a user publicly shares a file that contains social security numbers. Your security should automatically detect the problem, unshare the file, and notify your security team. Another example that is universally relevant: every company needs automated detection of employee terminations and immediate user de-provisioning across every application and confidential information resource.
Automation is critical for speed because data exfiltration can happen quickly. The mean time to repair (MTTR) application security breaches is usually estimated at an unacceptable 50 days. Cutting that by 99.99% would be a good start!
Myth or reality?
Is self-healing security, or SaaS security automation, a practical reality for today’s IT? The answer is a cautious yes. IT can deploy several components that work together today. Depending on the tech providers and ecosystem you choose to work with, some of the integration and automation is already in place.
Self-healing SaaS security should not require an enormous number of vendors and platforms, nor dozens of point security controls. With careful product selection to acquire and align SaaS management and security platforms, there’s reason to be optimistic about reversing the constant breakdown of security. Self-healing security should offload the most tedious and error-prone aspects of SaaS oversight and free up your security teams to be more strategic and proactive.
Thomas Donnelly is chief information officer of BetterCloud.
Welcome to the VentureBeat community!
DataDecisionMakers is where experts, including the technical people doing data work, can share data-related insights and innovation.
If you want to read about cutting-edge ideas and up-to-date information, best practices, and the future of data and data tech, join us at DataDecisionMakers.
You might even consider contributing an article of your own!