Debunking Cybersecurity Myths: Part II—Sorry, the Cloud Won’t Save Us
In Cybersecurity Mythbusters’ debut, we tackled antivirus software and showed how this once cutting-edge technology no longer does the job in light of today’s advanced threats.
We now move from age-old to brand-new in this episode and address the growing misconception around an increasing shift to cloud services.
Myth #2 – SaaS Providers Secure Our Data. We Have Nothing More to Do!
It seems like yesterday organizations were reluctant to move business operations onto software-as-a-service (SaaS) platforms, citing security concerns. Those fears proved to be overblown. Now, with the dominance of SaaS solutions such as Salesforce and Office 365, the pendulum has swung too far in the opposite direction.
Businesses currently assume that everything in the cloud is automatically secure. They’ve blinded themselves to the cyber risks and security responsibilities associated with SaaS use. Hackers know better, and that’s why SaaS instances are a growing target for credential theft and other attacks.
The fact is, SaaS can be safe, but only if users and businesses take appropriate precautions against the dangers that loom overhead in the cloud. Here are a few key areas on which to sharpen your focus:
By definition, SaaS apps enable remote access by users and administrators. That means there’s nothing stopping a malicious actor with stolen credentials from accessing your most sensitive data.
Be sure to monitor your entire organization for phishing attacks and other credential-theft attack vectors. Also track all login attempts on your SaaS platforms, looking for brute-force attacks or suspicious connections from unsavory servers or geolocations.
There’s something else you need to keep in mind. While many SaaS providers collect logs on login attempts, they typically don’t monitor those logs or provide alerts—that responsibility is yours. And a SaaS provider certainly can’t protect your on-premises employees from a phishing scam, so train users on how to identify and respond in the event they come upon something “phishy.”
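The login monitoring described above can be sketched as a small detector run over exported sign-in events. This is an added example, not code from the original article or from any SaaS provider; the log field names, thresholds, expected-country list, and sample events are all constructed assumptions.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events. Field names are assumptions, not a real provider's
# schema; IPs are documentation ranges and "XX" is a placeholder country code.
SAMPLE_LOG = """\
{"ts":"2024-05-01T09:00:00Z","user":"bob","ip":"192.0.2.10","country":"US","result":"success"}
{"ts":"2024-05-01T09:01:00Z","user":"alice","ip":"203.0.113.50","country":"XX","result":"failure"}
{"ts":"2024-05-01T09:01:10Z","user":"alice","ip":"203.0.113.50","country":"XX","result":"failure"}
{"ts":"2024-05-01T09:01:20Z","user":"alice","ip":"203.0.113.50","country":"XX","result":"failure"}
{"ts":"2024-05-01T09:01:30Z","user":"alice","ip":"203.0.113.50","country":"XX","result":"failure"}
{"ts":"2024-05-01T09:01:40Z","user":"alice","ip":"203.0.113.50","country":"XX","result":"failure"}
{"ts":"2024-05-01T09:01:50Z","user":"alice","ip":"203.0.113.50","country":"XX","result":"success"}
{"ts":"2024-05-01T09:30:00Z","user":"carol","ip":"198.51.100.7","country":"US","result":"failure"}
"""

EXPECTED_COUNTRIES = {"US"}     # assumption: where this org's users normally sign in
MAX_FAILURES = 5                # assumption: failures per account that trigger an alert
WINDOW = timedelta(minutes=5)   # assumption: sliding window for counting failures

def parse(line):
    event = json.loads(line)
    event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return event

def detect(lines):
    """Return (alert_type, user, ip) tuples in event-time order."""
    alerts = []
    failures = defaultdict(deque)   # user -> timestamps of failures inside WINDOW
    for e in sorted(map(parse, filter(str.strip, lines)), key=lambda e: e["ts"]):
        recent = failures[e["user"]]
        while recent and e["ts"] - recent[0] > WINDOW:
            recent.popleft()        # drop failures that aged out of the window
        if e["result"] == "failure":
            recent.append(e["ts"])
            if len(recent) == MAX_FAILURES:   # alert once, when the threshold is crossed
                alerts.append(("brute_force", e["user"], e["ip"]))
        else:
            if len(recent) >= MAX_FAILURES:   # a guess may have succeeded
                alerts.append(("success_after_failures", e["user"], e["ip"]))
            if e["country"] not in EXPECTED_COUNTRIES:
                alerts.append(("unexpected_country", e["user"], e["ip"]))
            recent.clear()
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

Failures are counted per account rather than per source IP, so attempts spread across several addresses still add up.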
Administrator and User Misconduct
Sometimes, despite our best efforts, the bad guys are able to steal or forge our key credentials. Sometimes the call is coming from inside the house—a disgruntled or greedy employee, or even just a negligent one.
Whatever the threat, you should monitor the behavior of your users and admins. Watch for suspicious file activity, data sharing and publishing, and activity from unauthorized devices. A SaaS provider doesn’t perform this security monitoring natively. It’s up to you!
API Hack Watch
Flexible APIs play a central role in SaaS solutions, but they’re vulnerable to abuse by outside actors. Keep an eye on access permissions, certificates, and tokens to make certain that your efficiency tools aren’t also enabling your attackers.
Shadow IT Oversight
SaaS platforms can be very valuable to your business—but if it’s unclear how you’re using them, the risk can outweigh the rewards. “Shadow IT,” where employees set up their own SaaS instances for work activity without official authorization, can expose your company to cyber risk, unexpected costs, and complicated legal hassles. It takes effective monitoring of company activity to detect shadow IT—a SaaS platform won’t do it on its own.
SaaS platforms aren’t secure unless we make them secure. Businesses that rely on SaaS applications should investigate security solutions that fill the gaps in native SaaS security: credential protection, user activity and API monitoring, and shadow IT oversight.
Security operations center (SOC)-as-a-service solutions address all of these concerns. They offer a single pane of glass that can provide security to SaaS, cloud, and on-premises IT solutions, protecting businesses as they enter the next generation of hybrid architectures.
Stay tuned for our next installment, where we’ll dive into common misconceptions businesses have around 24×7 security monitoring.