SaaS security automation could learn to heal itself


This article was contributed by Thomas Donnelly, Chief Information Officer of BetterCloud.

Despite large-scale cybersecurity investments, SaaS security is a major enterprise challenge. One reason is the tremendous growth in SaaS adoption. According to our recent research, organizations use an average of 110 SaaS apps, an increase of about 7 times in SaaS app usage since 2017 and about 14 times since 2015. SaaS security automation can help solve current security issues.

But it’s not just SaaS growth that sinks security. Shadow applications continue to plague most organizations. To paint a picture, nearly three-quarters of IT professionals are concerned about unauthorized SaaS applications.

SaaS growth has widened the attack surface, which has also created more opportunities for data breaches. Attackers are well aware of this and are getting better at finding the back door, whether it is a weakness in the infrastructure or an inadvertent misconfiguration.

But continuing to pile onto your security stack to solve the problem can be counterproductive. Enterprises already have a lot of security tools. These often conflict or slowly drift out of configuration, and coverage gaps appear.

The answer? It is certainly not a larger SOC with more staff manually managing user permissions, shared files, configurations, etc. That is a recipe for more mistakes. SaaS security needs to find a way to “heal itself”: to detect vulnerabilities, fix them and then verify the fix, automatically. This cycle of Detect → Fix → Verify requires automation. It also requires multiple platforms to work together.

SaaS Security: Automation and Visibility

The biggest challenge in SaaS security is visibility. Our research shows that the number of applications a company uses is more than double what they think.

And those are just apps. Most security teams cannot handle the day-to-day management of the access privileges of thousands of users in hundreds of SaaS applications without compromising anything. And if they have a problem – thousands of open files containing confidential information – they can’t handle it.

SaaS applications are conceived and built for collaboration and data sharing, which is important for employee and business productivity. But sensitive information flows through these applications, and employees can often make mistakes, such as leaving files open to the public without realizing it. Bad actors are well aware that most employees are not security experts, and they prey on it.

Lack of standardized onboarding / offboarding procedures is also an open door for hackers. If employees and contractors are not automatically offboarded when they depart, they often retain access to files with sensitive data.

Once IT has addressed the visibility challenge and made a start on automation, there can be serious progress toward “self-healing security”: security that gets progressively better rather than continuously declining.

Self-Healing SaaS Security: Putting the Puzzle Together

But how does self-healing security really work? To make it fast and accurate, it takes a set of platforms that work together with significant automation. These platforms cover SaaS applications, files and user management, with automated “Red Team” testing to find and prioritize security gaps across them. They then orchestrate the remediation and confirm that the fixes are effective. Without commenting on specific products, some industry ecosystems already integrate platforms to address, at least partially, this cycle of visibility → detect → prioritize fixes → automated remediation → “healing”.

Depending on the issue, most responses can be automated. An example: a user publicly shares a file containing social security numbers. Your security tooling should automatically detect the problem, unshare the file and notify your security team. Another example that is universally relevant: every company needs automatic detection of employee termination and immediate user de-provisioning on every application and confidential information resource.
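The two cases above, run as one Detect → Fix → Verify pass. This is an added example, not code from the article or from any vendor: the in-memory `TENANT` dictionary stands in for what real SaaS admin APIs would return, and every app, user, file and function name in it is hypothetical.

```python
import re

SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")  # simple US SSN pattern

# Constructed sample tenant state; the SSNs are well-known invalid numbers.
TENANT = {
    "terminated": {"bob@example.com"},
    "files": [
        {"id": "f1", "sharing": "public", "text": "Payroll: 078-05-1120"},
        {"id": "f2", "sharing": "public", "text": "Lunch menu"},
        {"id": "f3", "sharing": "private", "text": "HR: 219-09-9999"},
    ],
    "accounts": [
        {"app": "chat", "user": "bob@example.com", "active": True},
        {"app": "crm", "user": "amy@example.com", "active": True},
    ],
}

def detect(tenant):
    """Return findings as (kind, key) tuples."""
    findings = [("public_ssn_file", f["id"]) for f in tenant["files"]
                if f["sharing"] == "public" and SSN_RE.search(f["text"])]
    findings += [("orphaned_account", (a["app"], a["user"]))
                 for a in tenant["accounts"]
                 if a["active"] and a["user"] in tenant["terminated"]]
    return findings

def fix(tenant, findings):
    """Remediate each finding; return notifications for the security team."""
    notes = []
    for kind, key in findings:
        if kind == "public_ssn_file":
            for f in tenant["files"]:
                if f["id"] == key:
                    f["sharing"] = "private"   # unshare the file
        elif kind == "orphaned_account":
            for a in tenant["accounts"]:
                if (a["app"], a["user"]) == key:
                    a["active"] = False        # de-provision the user
        notes.append(f"remediated {kind}: {key}")
    return notes

def heal(tenant):
    """One Detect -> Fix -> Verify pass; 'remaining' should be empty."""
    found = detect(tenant)
    notes = fix(tenant, found)
    remaining = detect(tenant)  # verify by re-running the same detection
    return found, notes, remaining
```

Verification reuses the detection logic rather than trusting the result of the fix call, so a remediation that silently failed shows up as a non-empty `remaining` list.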

Automation is important for speed because data exfiltration can happen quickly. The mean time to repair (MTTR) for an application security breach is generally estimated at an unacceptable 50 days. A 99.99% reduction would be a good start!

Myth or reality?

Is self-healing security, or SaaS security automation, a practical reality for today’s IT? The answer is a resounding yes. IT can deploy many components working together today. Depending on the technology providers and the ecosystem you choose to work with, there is already some integration and automation.

Self-healing SaaS security should not require a large number of vendors and platforms, nor dozens of point security controls. With careful product selection to align the SaaS management and security platforms, there is reason to be optimistic about reversing the ongoing decline in security. Self-healing security should offload the most tedious and error-prone aspects of SaaS monitoring and free up your security teams to become more strategic and proactive.

Thomas Donnelly is the chief information officer at BetterCloud.
