When the White House warned all businesses to be on high alert for cyberattacks earlier this year, it was a wake-up call for many. While these kinds of warnings are often directed at government agencies or even critical infrastructure companies, a blanket warning is unusual.
All organizations should take this warning as an opportunity to review and, if needed, improve their security. Software-as-a-service (SaaS) application security is often a blind spot, so give your SaaS ecosystem some extra attention. SaaS is ubiquitous, highly configurable, and continuously updated, leaving many organizations vulnerable if they aren't closely monitoring for security gaps and changes.
Continuous monitoring is key to keeping up with SaaS changes, but that's not all you'll need to get better visibility into your SaaS security. Follow these seven steps to implement improved security measures that will help minimize your risk of a breach:
1. Close critical configuration gaps. Some 55% of companies have sensitive data exposed to the internet, and misconfiguration is often to blame. The configurability that makes SaaS apps so powerful is also a weakness if not closely monitored. Get better visibility into the configurations of your SaaS platforms, beginning with those that house the most sensitive data and have the largest number of users. Consult best practices from the Cloud Security Alliance and other experts and close those configuration gaps.
2. Disable legacy authentication methods and protocols. The majority of compromising sign-in attempts come from legacy authentication, which does not support multifactor authentication (MFA). Even if you have an MFA policy enabled on your directory, a bad actor can authenticate using a legacy protocol and bypass MFA. The best way to protect your environment from malicious authentication requests made by legacy protocols is to block these attempts altogether.
3. Enforce higher security authentication requirements. An account is 99.9% less likely to be compromised if you use MFA.
4. Analyze and monitor conditional access rules. Attackers often make modifications to conditional access rules to open access permissions further or implement exception rules. Since these rules can be nested and complex, it's important to validate rules and enable continuous monitoring. Keep an eye out for any changes and IP block exceptions.
5. Assess third-party access. Third-party integrations and applications are often installed with high-level permissions and can be conduits for horizontal privilege escalation to other SaaS systems. Verify that third-party access and applications have been reviewed, approved, and are actively in use. To lower your risk of a third-party compromise, grant permissions and data access to third-party apps following the principle of least privilege and withdraw access as soon as it's no longer needed.
6. Identify public and anonymous data access permissions. Least privilege access offers you better protection as ransomware attacks proliferate and the tool sets to execute attacks are more broadly distributed. Data access modeling and third-party app analysis can help identify exposure points to the public internet, allowing you to better protect all datasets.
7. Monitor for anomalous user activity. Watch for password spraying and excessive failures. Monitor for compromised accounts in threat intelligence feeds. The faster you can spot unusual activity, the faster and better you can respond and limit the damage.
SaaS applications run business-critical functions in many organizations, and SaaS security should be considered as critical as the security measures in place for other technologies. Continuously monitoring your SaaS ecosystem, addressing misconfigurations quickly, and keeping a close eye on third-party access to your systems can help keep your data safe and your business running smoothly.