Forrester, a research and advisory company, offers organizations a variety of services including research and consulting. Their reports help professionals understand their customers' behavior, concerns, and interests so that organizations can make more informed decisions. Their Trend Report ‘Embrace A Paradigm Shift In SaaS Protection: SaaS Security Posture Management’ looks at the increased use of SaaS apps and the value of an SSPM solution. This blog will summarize key takeaways from the report.
Cloud-First Strategies Are Increasing Risk
“Organizations’ cloud-first or on-premises augmentation strategies caused an explosive, decentralized, and uncontrolled growth of SaaS application use. Consequently, the increase in the number of cloud assets has also increased overall IT risks.”
The ease with which SaaS apps can be adopted is remarkable, but it has become a double-edged sword. The cloud has enabled organizations to store and manage nearly endless data and scale their operations, but it has opened the doors for relentless attackers and new attack vectors. Organizations have dozens to over a hundred different SaaS apps critical to maintaining day-to-day operations, each with nuanced access patterns from sharing, uploading, downloading, sorting, searching, and filtering activities.
Access patterns and activities, when looked at individually, may appear harmless. However, when looked at as part of a bigger picture, security teams can often quickly identify risk by spotting unusual behavior, suspicious geolocation movements, and uncommon access requests. Organizations not only gain visibility into different domains and activities but also monitor data movement to and from SaaS apps to help detect threats.
The skills shortage and the gap between application owners and security teams only add to the challenge. The report found that even the largest organizations interviewed stated that they lack the resources needed to fully understand the connectivity between SaaS apps and their security implications. Organizations are in dire need of a security solution, such as an SSPM, which is able to provide visibility and understanding into these apps.
In turn, an effective SSPM needs to be able to integrate with all their apps to support the organization's security policies and goals. Contextualized visibility into each app helps security teams prioritize configuration weaknesses and improve remediation time and efficiency across multiple attack surfaces.
Not all SSPM Solutions are Created Equal
“SSPM solutions differ in breadth and depth of SaaS app coverage”
Simply put, not all SSPM solutions are created equal. SSPMs can vary in the number of apps they support, the thoroughness of their security checks, and the range of their capabilities. Forrester describes needed functionalities within the organization’s chosen SSPM solution:
- Agentless operations connecting to SaaS apps' APIs – SSPM solutions have the ability to connect via API to all major SaaS apps (such as M365, Salesforce, and Google Workspace). This allows SSPM solutions to read, ingest, and interpret the information from these SaaS apps, including logs, configurations, and policies.
- Policy drift detection – An SSPM’s ability to read configuration artifacts to create a baseline for configurations. The solution then continuously evaluates each app by comparing its current configurations with the baseline.
- Best practices compliance templates – Organizations can utilize SSPMs to help maintain continuous compliance (e.g. SOC, HIPAA, etc.). SSPMs can help enforce SaaS policy settings by running checks and continuous monitoring to make sure they are compliant with industry or company policies.
- Activity analytics for threat detection – An important input vector for SSPMs is access activity recording and interpretation. Using the knowledge from access activity, SSPMs can recognize a compromise in progress, such as excessive download activity.
- Remediation – SSPMs offer organizations the option to auto-remediate configurations that drift or, alternatively, to auto-create help desk tickets. Auto-created tickets, the more popular of the two, notify SaaS app owners of anomalies that the SSPM identifies as risky or suspicious.
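The policy drift detection and remediation items above can be made concrete with a small sketch. This is an added example, not code from Forrester or any SSPM product; the setting names, values, and the `auto_remediate` allow-list are constructed for illustration.

```python
# Added example: baseline-vs-current drift detection over nested SaaS settings.
# All setting names and values below are constructed for illustration.

def flatten(cfg, prefix=""):
    """Turn nested dicts into {'a.b.c': value} so settings compare key by key."""
    flat = {}
    for key, value in cfg.items():
        path = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict):
            flat.update(flatten(value, path))
        else:
            # Lists are treated as order-insensitive (e.g. allowed domains).
            flat[path] = sorted(value) if isinstance(value, list) else value
    return flat

def detect_drift(baseline, current, auto_remediate=()):
    """Return findings sorted by path; each says what drifted and how to act."""
    base, cur = flatten(baseline), flatten(current)
    findings = []
    for path in sorted(base.keys() | cur.keys()):
        if path not in cur:
            kind = "removed"        # baselined setting no longer reported
        elif path not in base:
            kind = "unbaselined"    # new setting nobody has reviewed yet
        elif base[path] != cur[path]:
            kind = "changed"
        else:
            continue
        # Only allow-listed, changed settings are reverted automatically;
        # everything else becomes a ticket for the app owner.
        auto = kind == "changed" and path in auto_remediate
        findings.append({"path": path, "kind": kind,
                         "expected": base.get(path), "actual": cur.get(path),
                         "action": "auto_remediate" if auto else "ticket"})
    return findings

BASELINE = {"auth": {"mfa_required": True, "session_timeout_min": 30,
                     "password": {"min_length": 14}},
            "sharing": {"external_domains": ["partner.example"],
                        "public_links": False}}
CURRENT = {"auth": {"mfa_required": False, "session_timeout_min": 30,
                    "password": {"min_length": 14}},
           "sharing": {"external_domains": ["unknown.example", "partner.example"],
                       "public_links": False, "anonymous_upload": True}}

if __name__ == "__main__":
    for f in detect_drift(BASELINE, CURRENT, auto_remediate={"auth.mfa_required"}):
        print(f"{f['action']:>14}  {f['kind']:<11} {f['path']}: "
              f"{f['expected']!r} -> {f['actual']!r}")
```

Settings that appear in the current snapshot but not in the baseline are reported rather than ignored, since a newly exposed option is itself a posture change that someone should review.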
At Adaptive Shield, we like to boil it down to four main use cases: misconfiguration management, SaaS-to-SaaS access discovery, device-to-SaaS user management, and identity and access management governance. An SSPM will present detailed and dedicated security checks within each of these use cases.
The 2023 SaaS Security Posture Management Checklist covers all the critical features and capabilities to look out for when evaluating a solution.
How SSPMs Enable Identity and Access Governance
“SSPM solutions can make recommendations on how to trim business users’ privileges without impeding their user experience (i.e., they continue to have access to data and the SaaS application functionality that they need to do their jobs without access to data they do not need).”
An SSPM’s user inventory is one of many critical features. A user inventory helps security teams gain visibility of users, their privileges, and user-specific failed security checks. By gaining in-depth knowledge of user permissions and behavior, security teams can identify inactive users, overprivileged admins, and other user-specific threats. SSPMs can help trim unnecessary user privileges without limiting access to the data needed to complete their work.
The report outlines the following identity and access management related SaaS settings that SSPM solutions can enforce.
- Password policies, multi-factor authentication, and session timeout – SSPM solutions help ensure password policies are implemented and strengthened as a basic tenet of SaaS security.
- Least viable privileges for admins – Every SaaS app features administrator roles but they often offer an unnecessarily large number of privileges. SSPMs can help limit these privileges in a way that still allows users to keep role functionalities.
- Least privileges for business user accounts – Over-privileged users are considered a top threat for any SaaS app. An SSPM solution helps security teams identify and prune these privileges.
SSPM and Data Protection
It's not surprising that SaaS apps do not properly guard organizations' data and are susceptible to data breaches. SSPM solutions provide relief to security experts by offering data protection features such as:
- Check for misconfigured data and over-shared storage – SSPM solutions relieve security teams' burden by prioritizing security checks and misconfigurations related to data storage.
- Encryption and up-to-date SSL/TLS for protecting data in transit – Proper encryption is vital to data protection. SSPM solutions offer security checks that help ensure data transit configurations are properly set to keep data encrypted and secured.
- Mapping and access rights of data between humans and machine resources – Access rights can be granted and managed through multiple sources, making data mapping a complex but important process for ensuring data protection. It is nearly impossible to complete this process without an SSPM, as there are many transitive settings that hide effective access.