SaaS Misconfigurations Are To Blame for Data Breaches: Check your Settings.
On-premise or cloud? Enterprises are now highly dependent on SaaS applications for different organizational functions, including marketing, file sharing, and collaboration. With the pandemic, businesses have come to appreciate one significant benefit of SaaS solutions: business continuity. There has been a substantial shift to the cloud and remote work as people were sent home as part of the measures to fight the pandemic.
One challenge identified with SaaS applications' widespread adoption is the lack of resources to properly configure apps to ward off cyber-attacks, data breaches, and other cybersecurity risks. Security teams are either overwhelmed with other daily tasks or lack the expertise and experience to handle all the different SaaS solutions.
SaaS security configuration errors have been blamed for costly and devastating data breaches. SaaS misconfigurations have caused one in three data breaches and are the second largest cause of data breaches. The misconfigurations have often led to unintended exposure of file systems and databases on the cloud service. Any business is only as secure as the weakest settings it has for its SaaS applications. Security experts have come across location errors that leave companies prone to data breaches and corporate espionage at a single click. Many businesses have exposed their entire cloud through simple mistakes.
Security teams must configure their SaaS applications to protect their organizations from various types of risks. The following are common SaaS configuration errors that you should check for and eliminate to secure your data and networks.
Make Sure All System Admins Use MFA Even When SSO Is Enabled.
The SSO control is an important feature used to secure access to SaaS applications. However, some users will intentionally bypass the SSO control. In situations such as maintenance sessions, SaaS vendors allow system owners to log in using their username and password even when SSO is turned on. Multi-factor authentication must therefore be enabled for all super users. Remember that if admins use the same usernames and passwords, attackers can access all of those accounts once one admin's credentials are compromised.
Fix Shared Mailboxes That Are Easy Targets for Hackers.
One major challenge for many companies is the use of shared mailboxes for financial and customer data and other sensitive information. It is not uncommon to find an organization that has one shared mailbox for every 20 employees. The issues that arise with shared mailboxes include having no clear owners and every user having a static password that doesn't change. These two problems are such a big challenge that Microsoft even recommends blocking sign-ins for shared mailbox accounts.
Use Access Control for Internal Information to Manage External Users.
Many businesses make use of collaboration tools to exchange information. External sharing has numerous benefits in that it helps companies promote and extend to their suppliers and partners. However, external sharing carries the risk of losing control over data. Put in place a collaboration policy to govern information sharing with external users, and ensure there are defined limits across all SaaS apps.
Turn On Auditing to Maximize Control and Visibility.
Without a doubt, you don't know what you cannot see. Security teams must stay on top of what information they are missing. The default auditing actions made available with SaaS apps are sufficient for some organizations. Other organizations will need more auditing options to avoid facing security challenges. Businesses must understand what they are not seeing and try to optimize where security gaps exist.
Tie up Loose Ends to Ensure no Data Subsets are Anonymously Accessible.
No data within your business should be accessible without your knowledge. Having to maintain complete control over business/corporate data is not an easy task. The increased use of SaaS apps will make it more challenging to maintain control of your business data. Start by identifying all publicly exposed resources, including forms, discussions, dashboards, and any other data entities. Act immediately to fix any gaps to prevent data breaches and to put in place measures that ensure you maintain complete control over your data.
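The five checks above, run over an exported settings inventory, as an added example that is not part of the original article. The export format and every field name in it are hypothetical, and the sample data is constructed.

```python
# Constructed sample export. Field names are hypothetical, not any vendor's schema.
SAMPLE_EXPORT = {
    "sso_enabled": True,
    "audit_logging": {"enabled": False},
    "external_sharing": {"policy": "anyone"},  # hypothetical values: anyone/allowlist/none
    "accounts": [
        {"name": "alice", "type": "user", "role": "admin", "mfa": True},
        {"name": "breakglass", "type": "user", "role": "admin", "mfa": False},
        {"name": "billing", "type": "shared_mailbox", "owner": None,
         "sign_in_blocked": False},
    ],
    "resources": [
        {"name": "Customer survey", "kind": "form", "access": "anonymous"},
        {"name": "Ops dashboard", "kind": "dashboard", "access": "internal"},
    ],
}


def audit(export):
    """Return (check, subject) findings. A missing field counts as a finding."""
    findings = []
    for acct in export.get("accounts", []):
        # SSO being on does not clear this check: the article notes that
        # system owners can still log in with username and password.
        if acct.get("role") == "admin" and not acct.get("mfa"):
            findings.append(("admin-without-mfa", acct["name"]))
        if acct.get("type") == "shared_mailbox":
            if not acct.get("sign_in_blocked"):
                findings.append(("shared-mailbox-sign-in", acct["name"]))
            if not acct.get("owner"):
                findings.append(("shared-mailbox-no-owner", acct["name"]))
    if export.get("external_sharing", {}).get("policy") == "anyone":
        findings.append(("unrestricted-external-sharing", "tenant"))
    if not export.get("audit_logging", {}).get("enabled"):
        findings.append(("auditing-off", "tenant"))
    for res in export.get("resources", []):
        if res.get("access") == "anonymous":
            findings.append(("anonymous-resource", res["name"]))
    return findings


if __name__ == "__main__":
    for check, subject in audit(SAMPLE_EXPORT):
        print(f"{check}: {subject}")
```
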
How to Finally Maintain SaaS Security.
All SaaS platforms and apps have built-in security features and settings that must be correctly configured to provide adequate security for your data and networks. The responsibility of configuring the SaaS app for top-level security lies with the client. If the business doesn't have an in-house security team, it must find security consultants to help with a SaaS app's configuration.
In other cases, security teams may be overwhelmed by the task of managing thousands of settings for many different apps. It may be prudent to work with security consultants to keep SaaS solutions adequately configured and guarantee that your data is secure.
The focus should not only be on data. Other security best practices to have in mind include access management to control who can access your solutions and at what permission levels. Network control checks access to different processes and instances on the network, and governance and incident management ensure security breaches are investigated, reported and tracked right up to closure. Lastly, scalability and reliability must be considered to ensure the robustness of the network and of resources added or connected to existing hardware or software. A disaster recovery plan must be put in place to help replicate services and data that may be lost if a disaster happens.
Author: Alessandro Civati
Email: author.ac@bitstone.net
Lead IT Specialist & Licensed Real Estate One Agent, Contract, Freelance, W2, 1099
I wouldn't doubt that SaaS configuration leads to vulnerabilities. And what can't be seen is definitely a risk. Some high-end applications also are running their own mini-servers on each laptop, the admins performing installations are unwary. I've also assisted with discovering and curing an email hack -- found an email address previous admins left open with no password, and a couple server admin logins also.
Sr. Product Manager – Cyber Security & Data Privacy at Schneider Electric
Very insightful Alessandro, thank you very much for sharing it!
Director Compliance & Regulation Services Trinity London
Very useful tips - can you share where the breach stats were reported? Thanks
Manager @ Delhivery | Unconscious Bias Awareness, Process Improvement
This is insightful