Insider Threats to Data in SaaS Applications

When you think of cybersecurity threats, you may conjure up images of nefarious hackers, armed with the latest infiltration technology, dark eyes aglow as they sit hunched over laptop screens thinking of the riches to be gained by penetrating your company’s database of sensitive information.

What you probably don’t imagine is one of your own employees inadvertently opening the door for the bad guys, or walking out the door with valuable data themselves.

But that’s often the reality of data breaches. Threats aren’t always external. They’re often internal and not driven by malicious intent. Consequently, your organization needs to anticipate the risk and take measures to counteract it, such as using a solution for insider risk management.

Why your own team may pose a cyber risk

As we have discussed in previous blog posts, the level of risk companies shoulder related to sensitive data residing in SaaS applications is often unknown or underestimated by security and IT teams responsible for corporate security. With so much reliance on applications such as Slack, Teams, Salesforce, Google Workspace and many more, and with so many collaborators interacting with company assets in the normal course of business today, organizations are exponentially expanding the possibilities for data exfiltration each time a new asset is created or shared within these applications.

Additionally, a greater share of the people doing the work are not full-time employees working on-site, as was the norm in the past. COVID-19 spurred more remote work, and that shift to a distributed approach is persisting even as companies are moving past the pandemic. Further, companies are growing increasingly reliant on service providers and independent contractors to handle special assignments or provide greater staffing flexibility.

What this means is that even if the percentage of activities that lead to data exposure remains low, the sheer volume of collaboration involving SaaS applications puts the typical enterprise at a dangerous level of risk.

The types of insider threats that exist by default

Through our work with numerous companies of differing sizes and operating in different verticals, we have identified the major threat models that could lead to data leakage or breaches. These threats are often accidental and can include sharing sensitive data through the following familiar scenarios:

  • Using personal cloud-based email accounts, such as Gmail or Outlook
  • Sharing with unauthorized personnel such as former vendors
  • Using a publicly available link
  • Sharing with anyone with an internal link
  • Uploading sensitive encryption keys to shared folders accessible to many employees
  • Syncing local development code to shared folders accessible to many employees
  • Employees downloading data before they leave the company

On the face of it, all of these actions are innocent enough. But they still can result in major damage to your organization.
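
The scenarios listed above can be written as rules over SaaS audit events. The following is an added example, not DoControl's code; the event fields, domains and thresholds are constructed assumptions and do not reflect any application's real log format.

```python
import os

# Constructed event schema, domains and thresholds; not any vendor's log format.
COMPANY_DOMAIN = "example.com"
PERSONAL_DOMAINS = {"gmail.com", "outlook.com"}
APPROVED_VENDORS = {"current-vendor.example"}
KEY_NAMES = {"id_rsa", "id_ed25519"}
KEY_EXTS = {".pem", ".key", ".p12", ".pfx"}
CODE_EXTS = {".py", ".go", ".java", ".js", ".tf"}
BROAD_FOLDER = 25     # folder members; assumed threshold
BULK_DOWNLOADS = 100  # files per day; assumed threshold

def classify(event):
    """Return the scenarios from the list above that one event matches."""
    hits = []
    action, target = event["action"], event.get("target", "")
    name = os.path.basename(event.get("file", "")).lower()
    ext = os.path.splitext(name)[1]
    if action == "share":
        if target == "public_link":
            hits.append("public link")
        elif target == "org_link":
            hits.append("anyone with internal link")
        elif "@" in target:
            domain = target.rsplit("@", 1)[1].lower()
            if domain in PERSONAL_DOMAINS:
                hits.append("personal email account")
            elif domain != COMPANY_DOMAIN and domain not in APPROVED_VENDORS:
                hits.append("unauthorized external party")
    elif action == "upload" and event.get("folder_members", 0) >= BROAD_FOLDER:
        if name in KEY_NAMES or ext in KEY_EXTS:
            hits.append("key material in shared folder")
        elif ext in CODE_EXTS:
            hits.append("source code in shared folder")
    elif action == "download" and event.get("actor_departing") and event.get("count", 1) >= BULK_DOWNLOADS:
        hits.append("bulk download before departure")
    return hits

EVENTS = [  # constructed sample audit events
    {"actor": "dana", "action": "share", "file": "forecast.xlsx", "target": "dana.p@gmail.com"},
    {"actor": "eli", "action": "share", "file": "roadmap.pdf", "target": "pm@old-vendor.example"},
    {"actor": "fay", "action": "share", "file": "pricing.docx", "target": "public_link"},
    {"actor": "gus", "action": "upload", "file": "ops/id_rsa", "folder_members": 40},
    {"actor": "hal", "action": "download", "file": "accounts.csv", "actor_departing": True, "count": 250},
    {"actor": "ivy", "action": "share", "file": "notes.txt", "target": "peer@example.com"},
]

def triage(events):  # flatten to (actor, file, scenario) rows for review
    return [(e["actor"], e["file"], h) for e in events for h in classify(e)]
```

Calling `triage(EVENTS)` yields one row per matched scenario; the share to a colleague at the company domain produces no row.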

But the insider threat can also be intentional

Realistically, not all employees – and certainly not all independent contractors – are completely loyal to the company for which they’re working. With rapid turnover in many industries and the appeal of changing jobs to advance their careers elsewhere (or just receiving some cash in exchange for company secrets), there’s always a temptation for your internal team members to grab protected data for their own profit. 

Just as SaaS applications make collaboration easier, they can make data exfiltration easier than in the days of housing data in on-premises servers. An unhappy employee or contractor who’s leaving your company might be inclined to download scads of valuable data from your Salesforce application, for example, on their way out the door.

Can you protect yourself from these intentional and unintentional threats?

Without a centralized, automated SaaS data access control system, being aware of these internal threats will be a challenge at best. Acting on them in a timely manner would be even more difficult. 

That’s one of the reasons we developed DoControl – to give organizations a complete inventory of SaaS applications being used by the company and assets shared internally and externally, to monitor activities happening within those SaaS applications and to develop granular data access policies with automatic responses to limit data exposure. We’ve anticipated the problems posed by internal threats and developed templates and other tools to counteract them. 

Knowing that all the threats to your private data don’t just come from evil-minded hackers sitting in darkened rooms but also involve ordinary employees naively or purposefully creating openings, maybe it’s time to talk with us. Use this contact form to get in touch. Also, download our Insider Threat White Paper for a more in-depth look at the topic. We look forward to hearing from you.

Adam Gavish is the Co-Founder and Chief Executive Officer of DoControl. Adam brings 15 years of experience in product management, software engineering, and network security. Prior to founding DoControl, Adam was a Product Manager at Google Cloud, where he led ideation, execution, and strategy of Security & Privacy products serving Fortune 500 customers. Before Google, Adam was a Senior Technical Product Manager at Amazon, where he launched customer-obsessed products improving the payment experience for 300M customers globally. Before Amazon, Adam was a Software Engineer in two successfully acquired startups, eXelate for $200M and Skyfence for $60M.

Adam is a lifetime information geek, breaking down business and technical problems into components to generate long-term learning. He loves running outdoors, playing with LEGOs with his son, and watching a good movie with his wife.

Adam holds a B.S. in Computer Science from the Academic College of Tel-Aviv Yafo and an MBA from the Johnson Graduate School of Management at Cornell University.
