News in the Channel – issue #25

SAAS SECURITY

CONTINUED

ahead of criminals is challenging but adopting a proactive approach and constantly updating security measures gives businesses a much better chance of defending against attacks.”

VimalRaj Sampathkumar, technical head – UK and Ireland at ManageEngine, adds that businesses store sensitive information on SaaS platforms such as Microsoft 365, Dropbox, SharePoint Online, and more. “But many IT teams often lack understanding of the different cloud providers’ offerings, which means sensitive data can be under threat and vulnerable to cyberattacks,” he says. “In addition, when data is stored across multiple platforms, this can also lead to increased instances of cyberattacks that leverage cloud security loopholes such as misconfigurations and insecure APIs.”

Akhil Mittal, senior security consulting manager at Black Duck, says that SaaS platforms are prime targets for attackers as they centralise data from multiple customers in one place. “One breach can ripple across hundreds of organisations due to multi-tenant setups, APIs, and third-party integrations,” he says. “Each connection is a potential entry point. A common misconception is that SaaS providers handle all security. In reality, under the shared responsibility model, organisations still need to manage access controls and monitor account activity, which is often an overlooked area. Third-party integrations and APIs add even more risk. With so much valuable data concentrated in SaaS, attackers see an opportunity to 'hack once, breach many,' making proactive, layered security essential.”

Security strategies

There are various strategies available to help keep SaaS secure, and resellers can play a vital role. For instance, as Akhil notes, effective SaaS security relies on visibility and control. “Adaptive Identity and Access Management (IAM) is essential, assessing each login based on factors like location or device, while behavior-based monitoring helps teams quickly spot and respond to unusual activity,” he says. “Zero trust principles add another layer by limiting lateral movement if the breach does occur. For data protection, Data Loss Prevention (DLP) and customer-managed encryption keys help organisations keep control of their data, even within a SaaS provider’s environment.”

Adam Brown, managing security consultant at Black Duck, notes that AI/ML for defensive analysis and automation can help secure SaaS. “However, that same technology is in use by attackers to craft new and automated – therefore scalable –

Ian Cairns director

business.talktalk.co.uk

