Good News! IAM Is Near-Universal With SaaS
The less-good news: IAM only works for applications your IT department knows about, so watch for "shadow IT" programs installed or written by users that leave a security gap.
Almost every company implements identity access management (IAM) techniques such as single sign-on (SSO) to secure users who access software-as-a-service (SaaS) offerings, and most supplement that with measures like firewalls and cloud access security brokers (CASBs).
That's according to the 2022 SaaS Visibility and Impact Report from SaaS security provider Torii, which surveyed 100 technology executives to see how the pandemic has affected their IT practices and strategies. Nine of out 10 respondents (90%) say they use IAM/SSO to protect their networks, with 70% adding firewalls, antivirus software, and related safeguards. More than 6 out of 10 (61%) implement CASB or other security access guardrails related to secure access service edge, while 16% use SaaS management tools.
SaaS has become an indispensable part of business, especially during the pandemic-impelled push toward remote working. In the recent Dark Reading survey State of the Cloud: A Security Perspective, for example, half of respondents reported having 2 to 9 cloud applications in their organization. This new reality creates a need for tools that protect network resources: A recent study from Reposify showed that almost two-thirds of cybersecurity vendors had their back-office networks directly accessible from the Internet, and half had at least one exposed database.
An extra challenge springs from the decentralized work environment. Employees have started to solve their own problems by writing or installing their own software tools outside of the control of the IT department, a phenomenon known as "shadow IT." These programs, while often useful for solving immediate challenges, can create security holes when IT doesn't even know the tool exists.
Both CASBs and SaaS management tools can plug up shadow IT holes, while IAM and firewalls tend to be blind to uncatalogued software. For more, read the full report here.
About the Author
You May Also Like
Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024Securing Tomorrow, Today: How to Navigate Zero Trust
Nov 13, 2024The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024The Right Way to Use Artificial Intelligence and Machine Learning in Incident Response
Nov 20, 2024