Taming SaaS Security Challenges with the Zero Trust Security Model

Arun Shrestha | November 28, 2018

Arun Shrestha is CEO and co-founder of BeyondID. At BeyondID, he is committed to building a world class organization whose mission is to help customers build secure, agile, and future-proof business. BeyondID is a cloud service management company helping customers acquire, deploy, and manage cloud services as simply, securely, efficiently, and cost-effectively as possible. Arun is fortunate to have spent time with many Fortune 1000 and fast-growing enterprise companies to advise and assist them on strategy, planning, deployment, and management of cloud security and operations. Prior to co-founding BeyondID, he held executive positions over a span of 20 years at Oracle, Sun Microsystems, SeeBeyond and most recently Okta, which went public in 2017. He served as vice president of global customer success and services at Okta, senior director of advanced customer services in North America at Oracle, and senior director of professional services in global emerging markets at Sun Microsystems.


Today, the new reality is that network-based security is no longer adequate.

With an increasingly mobile workforce and the spread of shadow IT, plus the rapid rise of cybercrime, companies must find new ways to effectively manage their sprawling SaaS portfolio. They must also seek the ability to offer their core businesses as microservices securely and seamlessly.

Now, that’s a mouthful. Let me elaborate.

Right now, SaaS is creating dozens of challenges (and opportunities) for IT

Cloud and SaaS sprawl

The rise of the cloud and SaaS has given companies access to an unprecedented volume of IT resources. This can boost corporate productivity tremendously, but it also introduces new IT security challenges beyond the corporate firewalls. Enterprise companies use over 1,000 cloud applications on average, and that number is growing.

Shadow (stealth) IT

Corporate IT can no longer control their IT environment. Business functions are choosing to procure and use many SaaS applications without the knowledge or permission of IT. This phenomenon, known as shadow (or stealth) IT, is significantly increasing the risk of data breaches and security incidents. Corporate IT has no choice but to get ahead of this by becoming a business enabler, not an inhibitor.

The rapid obsolescence of network-based security architecture

The current network-based security architecture is no longer adequate due to the rise of the mobile workforce and the rapidly growing number of applications in the cloud. Once the security perimeter is breached through various forms of cyberattacks (like phishing, malware, or compromised passwords), a threat actor can move freely across other security layers and systems, where data can be compromised.

Cybercrime is on the rise

Cybercrime damage costs will hit $6 trillion annually through 2021, which is expected to be the greatest transfer of economic wealth ever. Cybercriminals are targeting more people too: An estimated 6 billion people will be internet users by 2022, up from 3.8 billion people in 2017. Hackers continue to use any means possible to hack into systems and data, including critical SaaS applications such as HRIS, ERP, CRM, productivity suites, and data repositories.

The popularity of microservices

Microservices have gained immense popularity in the last few years. With demonstrable success from Netflix and AWS, more companies are starting to offer their core businesses as microservices to expand their customer and revenue base. That means old and new companies must find a secure and seamless way to expose these services to their customers and partners. Many of these microservices are available as SaaS offerings through publicly supported APIs. Companies can simply subscribe to these services instead of building them from the ground up. (For example, see: Uber’s use of Twilio’s communications services to send and receive messages, or MGM’s use of Okta’s identity and access management (IAM) services to manage a seamless customer access and experience across various MGM properties.)

So how does IT address all of this?

You might ask how companies are addressing the amalgamation of challenges and opportunities presented by all of this. Though we are still in the early phases of innovation, there are proven methods for achieving a higher degree of maturity for managing sprawling applications in the cloud.

  • A proactive cyber defense posture is a must. Companies must proactively strategize, plan, and execute cyber defense. They must continue to invest in cybersecurity tools and technologies, increase their cybersecurity expertise, and retain cybersecurity talent who can stand up an impenetrable cyber defense. That means revisiting your cyber defense strategy and standing up a new security architecture.
  • Companies need to invest in a new security architecture. The new security architecture must be flexible in accommodating a global mobile workforce that accesses a growing number of applications in the cloud using many types of devices, from anywhere, at any time. Various factors such as users, devices, data, applications, and networks are included in the scope for the new security architecture.
  • The solution must be secure and seamless. Despite security threats, companies must find a secure and seamless solution that will enhance their customers’ experience, improve their employees’ productivity and ease of use, and simplify collaboration with their partners.

Hello, Zero Trust

The world is rapidly changing.

Apps have moved to the cloud and users are accessing them from anywhere, any time, on multiple devices. Despite that, the way enterprises secure access to applications has remained largely unchanged — they are still dependent on the corporate network perimeter.

The new reality, however, is that people are the perimeter.

Companies must ensure that as they embark on the cloud transformation journey, their applications remain secure. To do this, they should readdress security and consider a Zero Trust security model.

The best way to architect and implement a new security framework is to start with a “no trust but verify” model. In other words, every service request made by any user or machine is properly authenticated, authorized, and encrypted end to end. The model has been promoted by Forrester as “Zero Trust” since as early as 2010 and has also been adopted by Google as “BeyondCorp.”
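To make the contrast with the network perimeter concrete, the sketch below is an added example, not part of the original article or any vendor's product: it puts a perimeter-style decision beside a per-request check that authenticates, authorizes, and requires encrypted transport. The network range, signing key, grants table, and the HMAC token standing in for an identity provider's assertion are all constructed assumptions.

```python
import hashlib
import hmac
import ipaddress
import time

# All names and values below are constructed for illustration.
CORP_NET = ipaddress.ip_network("10.0.0.0/8")
SIGNING_KEY = b"demo-key-not-for-production"
GRANTS = {"alice": {"crm:read"}, "build-bot": {"repo:read"}}  # subject -> allowed actions


def issue_token(subject, ttl=300, now=None):
    """Identity-provider side: bind a subject to an expiry time with an HMAC."""
    exp = int((now if now is not None else time.time()) + ttl)
    msg = f"{subject}|{exp}"
    sig = hmac.new(SIGNING_KEY, msg.encode(), hashlib.sha256).hexdigest()
    return f"{msg}|{sig}"


def perimeter_decision(req):
    """Network-based model: anything inside the corporate range is trusted."""
    return ipaddress.ip_address(req["src_ip"]) in CORP_NET


def zero_trust_decision(req, now=None):
    """Evaluate each request on its own; the source network is never consulted."""
    if not req.get("tls"):
        return False, "transport not encrypted"
    try:
        subject, exp, sig = (req.get("token") or "").split("|")
        exp = int(exp)
    except ValueError:
        return False, "missing or malformed token"
    expected = hmac.new(SIGNING_KEY, f"{subject}|{exp}".encode(),
                        hashlib.sha256).hexdigest()
    # Constant-time comparison of the presented and recomputed signatures.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False, "authentication failed"
    if exp < (now if now is not None else time.time()):
        return False, "token expired"
    if req["action"] not in GRANTS.get(subject, set()):
        return False, "not authorized for action"
    return True, "allowed"
```

A request from inside the corporate range with no credential passes `perimeter_decision` but fails `zero_trust_decision`, while a remote user with a valid token and a matching grant is allowed.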

Inspired by this, companies have started exploring this model and many are already on their way to implementing it. Adopting the model is a journey of its own that requires careful strategic, tactical, and operational planning.

In part two of this series, I’ll dig deeper into some best practices to implement when rolling out Zero Trust.
