Cybersecurity In-Depth: Getting answers to questions about IT security threats and best practices from trusted cybersecurity professionals and industry experts.

How Can I Protect My SaaS Apps Amid Employee Turnover?

A SaaS-specific security solution can help security teams make sure apps and usage are both secure, reducing the chances of a breach.

Noam Shaar, Co-Founder and CEO, Wing Security

September 7, 2022

3 Min Read
Photo of the top of an art deco building with rows of windows set into a white plaster exterior; one window is propped open
Source: Beaconstox via Alamy Stock Photo

Question: How can you keep your SaaS applications secure in the face of employee turnover?

Noam Shaar, CEO and Co-Founder of Wing Security: In short, you need the right tools.

The fluidity of today's workforce and the accelerated pace at which people change jobs creates new cybersecurity challenges for companies. The average worker in the United States will work for 12 employers over their career, with the typical tenure just over four years. Each employee who exits will leave a trail of external access points that create potential vulnerabilities.

When employees switch companies and roles, access points are left open. Bad actors can use this access to infiltrate networks and steal valuable assets, including proprietary information and financial data. According to a poll from OneLogin, an identity management firm, nearly one-quarter of IT decision-makers said a failure to deprovision employees from corporate applications contributed to a data breach. Of those, 47% said more than 10% of all data breaches resulted from ex-employees.

Organizations likely have multiple exposed accounts that can provide entry points for malicious activity. In one high-profile case, a former engineer at Cisco was sentenced to two years in prison for compromising the company's network after he left, deleting thousands of Webex accounts. This, of course, is just one of the known incidents.

While many software-as-a-service (SaaS) applications offer built-in security controls, businesses should not assume they remain secure because they come from a big-name vendor. Threat actors often conspire or sell attack methods to break into these systems, or they will take advantage of organizations they already can access.

A SaaS security solution can help security teams understand who uses all of these applications and make sure the apps and usage are both secure. This not only strengthens overall security, it can quickly show gaps often left by offboarding. Best practices include:

  • Use tools to watch for inconsistencies. Multiple products being used by a large number of people often reveals a pattern of use. When behavior steps out from that norm, it is often a sign that something is amiss. Leverage a tool that can monitor this behavior and alert your team when necessary.

  • Weed your garden. It's critical to mitigate risks by getting rid of unaccessed apps — there's no use for them, and they create a potential opening. When it comes to apps, the company motto should be, "If they're not being used, we probably don't need them."

  • Automate offboarding tasks where possible. HR staff must keep tight rein during employee offboarding. One important task is notifying the technology team to discontinue access, which can easily be automated with a security and monitoring solution. While HR members still will want to notify technology leaders, having safeguards in place can eliminate gaps just in case that process gets overlooked.

SaaS applications have improved efficiency and expanded remote work capability, but employees no longer want to spend their entire careers with a single company. The rising number of applications and rate of turnover has increased risk. This risk can be managed with the correct tools and processes, but too many organizations have yet to change their mindset.

About the Author(s)

Noam Shaar

Co-Founder and CEO, Wing Security

After completing a number of leading positions in IDF’s 8200 unit, retired Brigadier General Noam Shaar took on the role of IDF's Chief Information Security Officer, managing the military's security end to end. His background provides him with an up close and personal understanding of the pains and worries of today's security leaders. He led large cyber organizations and operations and is no stranger to the problem at hand.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights