Skip to content

Data Protection and SaaSOps on Your Zero Trust Journey

Natalie Robb

July 15, 2020

5 minute read

Data protection featureImage

For more expert guidance and tips on Zero Trust, click here to read our whitepaper: A Guide to Effective SaaS Management Using a Zero Trust Security Model.

With the shift to remote work and continued acceleration of SaaS adoption, this new way of working is impacting IT operations everywhere. In particular, it’s driving a need for a security model that helps keep organizations and data safe regardless of location. Enter: Zero Trust, which is more relevant than ever.

Originating as a security framework in 2009, Zero Trust is hardly new. Introduced by Forrester, Zero Trust was initially a security framework and a strategy to guide security teams. It provided the blueprint on:

  1. micro-segmenting networks to inspect and log all network traffic in real time,
  2. securing data and resources regardless of location, and
  3. reducing risks of overly permissive user privileges and access.

In addition, it included improved security anomaly detection and data protection with detailed analytics and response with automation.

Here, we talk about shared commonalities between the newer Zero Trust eXtended (ZTX) model and SaaSOps—specifically visibility and automated data protection. We also touch on how automating data protection and user orchestration alerting aids your pursuit of Zero Trust security. Finally, we talk about how SaaS-powered enterprises can start protecting their SaaS data today.

Rise of mobility and SaaS drive adoption of both SaaSOps and Zero Trust ZTX

Just as SaaS and mobility drove the emergence of SaaSOps, they also gave rise to “person-centric” network perimeters. Thus, in 2018, this concept was introduced in Forrester’s first update to Zero Trust. Known as Zero Trust eXtended (ZTX), the basic concepts are similar to the original Zero Trust framework—i.e., people are untrusted in the system, but the modernized version makes data access by person-centric perimeters central to effective security practices.

And for the first time, Zero Trust ZTX officially extends across the broad digital workplace to include:

  • People
  • Networks
  • Endpoint devices
  • Workloads

… and how each of these four interact with data—making data and its protection the heart of Zero Trust eXtended.

Click here to see the components of Forrester’s Zero Trust eXtended (ZTX) Ecosystem. Pillars include automation and orchestration, as well as visibility and analytics.

So now, data protection in Zero Trust ZTX means that you apply trust by verifying people and getting visibility into how data is used—just like in SaaSOps.

And the very nature of this change evolves Zero Trust from a security blueprint into an ecosystem of technologies to include functions like automation, products like single-sign on and privileged access management, and features like visibility as well as data protection and user orchestration alerting.

Why SaaS-powered enterprises need automated alerts for Zero Trust

It’s simple.

100% visibility is impossible to achieve when the average IT department must manage and secure thousands, if not millions, of user interactions across multiple SaaS applications. Interactions are the actions your users are taking to get work done. (Examples: Sending a Google Drive file to a coworker in Slack, exporting Salesforce reports, or sharing a file publicly in Dropbox.) And manual IT processes alone can’t scale fast enough to tackle data protection challenges that result from exponential data growth.

And if that logic isn’t convincing enough, let’s take a look at the top 10 most common data protection alerts for BetterCloud customers.

Top data protection alerts in BetterCloud

As the table below shows, nearly all organizations had automated data protection alerts triggered for “group settings that allow anyone to post” and for users with “email forwarding enabled.

During the same period, nearly half of all organizations had a super admin added to a SaaS app. This, of course, certainly highlights how difficult SaaS makes it to follow the Zero Trust principle of least privilege access!

It’s also alarming that nearly 26% of organizations had alerts for folders and files shared externally. Nearly a quarter of organizations had alerts for email forwards to personal Gmail accounts or with large files. All of these data protection alerts could be an insider threat or unintended negligence. Regardless of the cause, these data protection alerts need a response.


Service Feature

Service Feature Description

G Suite
Office 365

Domain Health & Insight Center <

A dashboard summarizing important information & potential security risks relating to your organization's use of G Suite

User and Directory Management <

View alerts relating to your organizations' users and groups to identify directory inefficiencies and potential security risks

Reporting <

Pre-configured reports plus the ability to build custom reports relating to your organization's use of G Suite

Drive Compliance DLP Engine <

Identify and remedy document sharing in violation with your organizations' policies, and create policies to automate future compliance

Apps Audit <

Identify all third party applications authorized to access your G Suite tenant to identify potential security risks

Access Roles <

Customize privileged access and user roles for G-suite

File Management >

Manage files stored within your SaaS applications

Workflows >

Customizable, automated condition-based actions

Directory >

View and manage users, groups and other directory attributes across applications

State-Based Alerts >

Customizable alerts relating to your organization's SaaS application settings and configurations.

Activity-Based Alerts >

Customizable alerts relating to end-user activity in your organization's SaaS apps.


Customize privileged access and user roles for your SaaS applications.

Source: BetterCloud internal data, 2019

Top user orchestration alerts in BetterCloud

And user orchestration alerts don’t show a better story. All organizations get alerted to empty groups—some multiple times. Nearly two-thirds get alerted for super admin threshold violations.

[table “” not found /]

Source: BetterCloud internal data, 2019

At the usual ratio of one IT person to about 100 users, manual detection of just the top 10 data protection alerts would, no doubt, be a full-time job.

Your data: the first stop on the Zero Trust journey

There are many Zero Trust best practices to consider, but in the SaaSOps world, it all starts with your enterprise’s SaaS data. At a very minimum, you need to know:

  • What sensitive SaaS data to protect, as not all data is created equal
  • Assigned user roles for people interacting with that SaaS data
  • SaaS data flows between apps, user roles, partners, external users, and devices (e.g., user interactions) that need data protection

But before you can answer these tough questions, you can’t manage—or create automated alerts for—what you don’t know. So the next step is to understand the big picture of your SaaS apps as well as the details of them.

Get visibility into your SaaS environment

In securing your SaaS environment, visibility is the first hurdle. After all, enterprises cannot manage and secure the unknown. On the journey to Zero Trust, it’s important to know the following:

  • All SaaS apps used (IT-sanctioned or not)
  • All users, groups, and files across SaaS apps and instances
  • Application settings and controls across SaaS apps
  • Domain access level requests by each SaaS app
  • Third-party apps installed on your domain
  • Third-party browser extensions installed by users
  • Third-party mobile apps installed by users
  • Add-ons installed by users
  • Failed user login spikes
  • Users who haven’t enrolled in (or have disabled) multi-factor authentication
  • Users who have not logged into SaaS apps in 30/60/90 days (i.e., inactive licenses)
  • Total number of super admins across SaaS apps
  • Empty or unused groups/channels across SaaS apps

Armed with the bigger picture, you’re ready to take advantage of policies for automated SaaS data protection and user orchestration alerting.

Create policies to increase data protection

After enterprises learn about the SaaS environment, it’s time to get to work on policies that will secure and automate your data protection and user orchestration. To do this, enterprises need to consider least access privileges by user, data, and SaaS app for establishing trust level. In addition, it’s also important to consider when trust should change, like too many email forwards within a short interval.

For example, enterprises can create standardized and/or automated processes for user changes like promotions, department changes, or even when someone joins a new project.

Policies can also govern automated access to new folders, calendars, sites, and applications that such user changes may require.

And they don’t need to stop there. Data protection policies can give temporary elevated access rights, just as they can shut down accounts when there is a compromised account or missing endpoint device. Finally, policies can also automate both data protection and user orchestrations alerts.

To learn more about how BetterCloud’s data protection functionality can help you on your Zero Trust journey, request a demo.