The SaaSOps Mini-Checklist: Managing and Securing Your Enterprise SaaS Applications

Natalie Robb

April 8, 2020

If you’re reading this, you probably already know that IT has to manage and secure all of the enterprise’s growing number of SaaS applications around the clock. And for each of those SaaS applications, IT also has to manage their users and files and monitor activity. The result is an ever-growing, unmanageable data swamp teeming with human error and negligence. It’s impossible to manage what you don’t know about, and harder still to secure against risk you cannot fully see.

To get a handle on your SaaS operations, or SaaSOps for short, read on for our mini-checklist, the crib notes version of our IT Leader’s Guide to SaaSOps. It’ll help your organization get the most out of your SaaS applications, all without bulldozing your IT team.

SaaSOps: The way modern IT knows, manages, and secures SaaS applications

Just as SaaS applications are a major revolution in how organizations everywhere use technology, SaaSOps is the revolution in how IT knows, manages, and secures them. The result is reduced friction, improved collaboration, and a better employee experience—and better overall organizational performance.

The SaaSOps mini-checklist

Our mini-checklist represents the core activities every IT professional should strive for to operate the modern digital workplace. Of course, it’s important to remember that every organization’s journey to that digital workplace is different. So keep yours in mind as you read to best apply it to your situation.

Build your SaaSOps foundation

SaaSOps requires a new organizational structure, new IT skills, new end user training and support, as well as a new change management approach. Without the right processes manned by the right team, the remaining components are simply more challenging. Here are some foundational best practices:

  • ❏ Structure your SaaSOps team to include roles to configure, troubleshoot, monitor, and administer SaaS applications
  • ❏ Plan IT resources, policies, and procedures that balance employee productivity and security, industry best practices, and regulatory requirements
  • ❏ Implement your IT operations according to that strategic plan
  • ❏ Grow expertise in API frameworks for creating API-based integrations and automated workflows
  • ❏ Perform risk assessments and recommend new SaaS apps
  • ❏ Follow continuous improvement to optimize processes
  • ❏ Learn how end user accounts, permissions, and access rights management work
  • ❏ Understand SaaS app performance monitoring, incident response, and auditing
  • ❏ Reduce employee fear of change with training
  • ❏ Make sure end users know what alerts and notifications of potential security violations mean
  • ❏ Train end users to know how to get the most out of collaboration tools

Improve user lifecycle management (ULM)

  • ❏ Create standardized processes for onboarding
  • ❏ Automate onboarding processes, so a new employee gets immediate access to applications, files, folders, groups, calendars, and sites used both company wide and specific to their role
  • ❏ Limit access to data until new employees set up multi-factor authentication (MFA)
  • ❏ Make standardized processes for offboarding based on whether a user is an employee, partner, or contractor
  • ❏ Automate processes for offboarding to make sure it’s completed on a timely basis according to security policies
  • ❏ Look for opportunities to automate mid-lifecycle staffing changes and events like lost or stolen endpoints and devices
  • ❏ Prioritize mid-lifecycle automations based on volume, like when employees take long-term maternity or paternity leave

Make visibility of users, files, and activity across SaaS applications a priority

  • ❏ Maintain audit trails to track admin activity, log file locations, and all actions
  • ❏ Prevent risky application configurations by reviewing group, calendar, file, and/or email forwarding privacy settings
  • ❏ Enforce least privilege access for admins and users
  • ❏ Make sure IT maintains all SaaS app super admin permissions
  • ❏ Delete empty or unused groups/channels across SaaS apps
  • ❏ Track login data to identify unused or underutilized licenses
  • ❏ Centralize SaaS usage data for maximum insights

Improve authentication to raise security posture

  • ❏ Use an Identity-as-a-Service (IDaaS) solution for single sign-on (SSO) to track access from various user endpoints—important for today’s remote workforce
  • ❏ Deploy MFA
  • ❏ Track failed logins

Secure your SaaS applications, users, and files

  • ❏ Inventory all SaaS applications used throughout the enterprise
  • ❏ Monitor for suspicious activity to guard against inappropriate data sharing
  • ❏ Maintain application settings and controls across SaaS apps
  • ❏ Review third-party browser extensions installed by users
  • ❏ Rely on automated alerts and notifications to remediate improper insider activity
  • ❏ Use alerts and notifications to educate and engage users
  • ❏ Check for users who should no longer belong to specific groups/distribution lists
  • ❏ Scan files on a routine basis for sensitive data leakage

Improve security of SaaS applications with an incident response plan

  • ❏ Train employees on roles and responsibilities if a security incident occurs
  • ❏ Define criteria for security incidents and thresholds (e.g., exposure of confidential financial data)
  • ❏ Use orchestrated and automated remediation across integrated systems (e.g., SIEM, EMM, ITSM)

Make compliance easier and less expensive

  • ❏ Maintain and review detailed audit logs of user and admin actions for proof of compliance
  • ❏ Set up automated policies for specific regulatory compliance laws like HIPAA and GDPR or standards like PCI
  • ❏ Detect and remediate sensitive data exposure and excess admin privileges to ensure compliance

Take your first SaaSOps step

After reviewing our SaaSOps crib notes, check out our expanded best practices checklist. It’ll give you loads of detailed guidance and hot tips to help get a handle on your SaaS environment. After that, take a good look at all the SaaS applications across your environment.

Then give an honest review and find the gaps. For instance:

  • Are there security risks?
  • What are the interactions between and among users?
  • What tools, team members, skills, and/or training are missing?
  • Which gaps are most important to tackle first?
  • Are there places where automation helps?

When you’re done, think about the longer-term strategic SaaSOps plan that aligns with business goals and policies. With your plan, you’ll be able to show that IT is a true value driver and engaged business partner. Best of all, you’ll set up your organization for success with SaaS applications that make up the modern workplace.

Looking for more SaaSOps info? Check out www.bettercloud.com/saasops/ for in-depth webinars, books, success stories from SaaSOps practitioners, and more.
