There is a lot of talk in the market about SaaS Security Posture Management (SSPM), and how it protects the purported “largest attack surface” in SaaS: misconfigurations – be they accidental or intentional – by SaaS administrators.
Misconfiguration can certainly lead to exposure in SaaS, and a full SaaS Security Platform (SSP) will address SSPM as part of a comprehensive set of tools that covers all areas of the SaaS security shared responsibility model.
So let’s think about what SaaS is, and how it’s used. First, SaaS is not IaaS. The amount of damage a compromised, rogue, or careless administrator can do in SaaS is limited by the scope of the administrator’s control. In SaaS, the administrator cannot impact Infrastructure or Platform level security, and is only sharing responsibility for the application level. While not trivial, the administrator misconfiguration surface in SaaS is much smaller than in Infrastructure as a Service (IaaS).
However, in SaaS we have data that is:
Given the challenges with classifying data in SaaS (e.g. false positives, establishing policies, keeping up with constantly changing content), let alone doing so in a timely manner to prevent unauthorized access or oversharing, the potential – and often the reality – of data exposure is by far the largest attack surface organizations face in SaaS platforms today. This is especially true of file sharing and collaboration applications such as Teams, Slack, Box, Google Drive, SharePoint, and OneDrive – almost every organization has one or more of them universally deployed.
At the end of the day, the data is what attackers are ultimately after. Organizations put a great deal of effort into shoring up other areas within the IT/Cloud estate (e.g. SSPM, service mesh, SaaS-to-SaaS) without taking a closer look at protecting the lifeblood of the organization: its data. From an attacker’s perspective, data is the best target since a ransom can be demanded for it. Data needs to be protected throughout its lifecycle – when it’s created, accessed, shared, edited, etc. This is obviously a challenge at scale, which demands that automation be built into the tools that are trying to protect sensitive SaaS data.
Another challenge in SaaS data protection has always been how to keep data from leaving the confines of the business without ruining user experience and productivity. Proxies can keep data in or out, but only for uploads and downloads from managed endpoints by internal users. Traditional API-based Cloud Access Security Broker (CASB) tools respond too slowly to actually stop data from leaving, and they are also prone to false positives and limited in their approach to prevention and remediation.
DoControl takes a unique approach to solving critical SaaS data protection use cases. We provide a unified, automated and risk-aware SSP that secures business-critical data, drives operational efficiencies, and enables business productivity. Our core competency is protecting business-critical SaaS applications and data through automated remediation, so that organizations can consume SaaS applications and services at scale without imposing unnecessary risk on the business. Take the SaaS Data Access Risk Assessment to better understand your organization’s risk.