SaaS is a double-edged sword. It gives end users endless ability to collaborate with others, share data, and access files from anywhere at anytime. These features are exactly what makes SaaS a boon to productivity. However, these same features have created a swath of new security threats that IT and security teams are still learning how to navigate.
In response, a number of different cloud security providers have emerged to help IT and security teams regain control over their environments.
Principal Analyst for 451 Research Garrett Bekker and BetterCloud’s Chief Product Officer Jim Brennan discussed the unique security challenges that cloud adoption presents, the pros and cons of cloud access security brokers (CASBs), and SaaS Operations Management, the emerging category that is filling a gap in cloud security.
Click here if you want to watch the webinar now, or read the recap below.
The rapid adoption of the cloud
The use of on-premises networks is rapidly decreasing, while off-premises—specifically cloud—environments continue to expand with no indication of slowing down.
It’s projected that on-prem data centers will decline by more than one-half, from 38% to 17%, between 2018 and 2020. The largest increase and the largest category for executing workloads by 2020 will be SaaS–nearly one-third of all workloads will be run as SaaS applications.
This equates to new, hybrid environments for IT teams to manage, as well as countless new challenges for IT and security teams to navigate. “This variety of environments creates complexity, and complexity is often the enemy of security,” said Bekker.
There are over 100 cloud security vendors and several distinct categories that the vendors fall into, which have grown as a result of all the different hybrid environments that have recently evolved.
The three main categories of cloud security are IaaS, Software-Defined Security (SDS), and SaaS Security. IaaS is a shared responsibility model, which means it will provide and secure the underlying infrastructure, i.e. the hardware, but the customer is responsible for securing everything else, including applications and data. SDS is basically deploying traditional perimeter security, but designed for virtualized environments.
Within SaaS Security, there are several different categories. The first category within SaaS security is IDaaS, which popped up about 10 years ago. IDaaS controls access to SaaS apps using SSO.
The other SaaS security category that came about in the last seven or eight years is what has come to be known as CASB.
CASBs: pros and cons
CASBs were originally used to help uncover shadow IT by discovering SaaS apps in an environment and then risk scoring them. Early CASBs also focused on encryption. Increasingly, CASBs are used for data loss prevention, user behavior analytics, and threat protection.
While CASBs can be useful, they have their limitations.
One of the main limitations with CASBs is how they are architected: with proxies, APIs, or sometimes, both. Proxies are time consuming to manage and maintain.
A further drawback of CASBs is that they often negatively impact user experience. They are known to break apps or block some of the functionality that make SaaS apps so useful.
Enter SaaS Operations Management (SOM)
SOM is a new way to secure and manage your SaaS apps, giving organizations a centralized, automated way to handle tasks such as onboarding, offboarding, configuring settings, and managing access controls for privileged users.
SOM is at the nexus of several cloud security categories, including CASB, IDaaS, and PAM, thus filling gaps in the cloud security space and giving you an extra layer of protection.
If you ignore IT’s needs, you run the risk of a major security breach or damaging the brand’s reputation. If you ignore the user’s wants, you end up hurting productivity and possibly creating an even greater security risk if the user finds a way to accomplish their job with unauthorized applications.
However, SOM gives you the ability to enforce policies that secure user interactions (this is what BetterCloud empowers you to do).
Your users are constantly interacting with countless other users, both internally and externally, trusted and untrusted. These user interactions are what makes SaaS applications so useful in the workplace, but they also put your environment at risk when they aren’t properly secured.
Securing user interactions is what sets SOM one step ahead of the rest. While CASBs can secure the perimeter, SOM mitigates insider threats by securing user interactions.
In fact, 95% of people using CASBs still feel vulnerable to insider threats, and 62% of admins believe that their biggest security threat comes from well-meaning, but negligent end users. CASBs just don’t cut it—their extreme security measures negate the benefits of SaaS collaboration, while still failing to address the day-to-day operational vulnerabilities that rapid user interactions create.
BetterCloud uses APIs to create a centralized dashboard for nine mission critical applications, as well as custom built connectors for other SaaS applications that you have in your environment. We ingest events and information from these SaaS apps and form a data graph in order to give you a complete picture of a user. This amount of visibility allows you to understand where there may be misconfigurations, as well as inappropriate user activity, and remediate them.
It’s critical to be able to see how users are interacting with their resources and what they are doing within their apps. This unprecedented visibility that SOM gives you provides important context into your environment that will help you understand how users are interacting with all of their data. This is an invaluable step in mitigating insider threats.
With hundreds of API connections, BetterCloud enables you to enforce management and security policies. In fact, we give you the tools to manage every part of a user’s lifecycle: from onboarding to offboarding and everything in between. You can build workflows that take actions in almost every application in your tech stack—and you can make the policies as flexible as you need them to be.
BetterCloud provides more control over your environment by giving you a centralized data center where information from all of your applications live. Our alerts make it so that you only are notified about the events that matter to you. You can also make everything auditable so you can track security threats.
BetterCloud vs. CASBs
CASBs are great for file security—they give you a lot of visibility around your files and data. However, CASBs are file centric and they don’t go beyond that to give you any more context into your environment.
BetterCloud not only gives you visibility and control over your files, but also your roles, groups, and users. Unlike with other cloud security platforms, BetterCloud allows you to give more granular access to admins, manage licenses, maintain proper group hygiene, and manage the user lifecycle with ease.
BetterCloud provides more context into your SaaS environment, ultimately giving you a more comprehensive approach to managing and securing your environment.
How one biotech company used BetterCloud to detect and correct security threats in their environment
Our team showed them triggered alerts in BetterCloud. They were shocked at the first thing we found: people forwarding email to their personal Gmail account. When the IT admin saw some of the users on the list, he was especially concerned—even calling one of them a “real problem user.” He actually put the call on hold so he could Slack his boss about the issue, who immediately asked, “How did you find that out? Fix this immediately.”
We also went into our Files Grid for Drive to look for documents shared with competitors, considering some of their employees had recently left to work for a competitor. Our team found sensitive documents that were shared with one of their top competitors. Ex-employees who were laid off shared research and other proprietary information with their new work emails. Using BetterCloud, they were able to revoke access and create policies to prevent this moving forward.
Both of these problems were the result of a lack of visibility into their SaaS environment. BetterCloud created policies to automatically detect and correct the settings for improper file sharing and email forwarding in order to remediate the problem that this company was facing.
Going forward, they don’t need to worry about these problems because BetterCloud will automatically handle it.
If you want to learn how BetterCloud could provide visibility and security into your environment, request a demo.