SAAS SECURITY
CONTINUED attack methods,” he says. “Keeping ahead of attackers' evolving tactics requires constant vigilance – be on point with your logging and monitoring as well as threat intelligence – keeping technology updated, and ensuring all staff and contributors are trained and aware of risks.” Glenn notes that SaaS security is a shared responsibility. “But SaaS security is also uniquely complex, making it incredibly challenging for security teams to manage at scale,” he says. “A single organisation may rely on hundreds of SaaS applications, each with distinct activity logs, configurations, permission models and numerous integrations. Compounding this complexity is shadow SaaS applications
the right strategies and tools empower organisations to manage and mitigate many of these risks effectively, helping to safeguard their operations and maintain resilience against evolving cyberthreats.” Chris McKie, VP, product marketing for security and networking solutions at Kaseya, says that the best solutions for defending SaaS platforms revolve around detection and response tools, such as managed detection and response (MDR) offerings. “Cloud-specific monitoring tools that detect unusual behaviors and suspicious login attempts, and lastly Secure Access Service Edge solutions that enforce user-specific zero trust access to cloud apps and platforms,” he says. “Cybersecurity tools, such as firewalls, antivirus and even endpoint detection and response (EDR) solutions, have been around for a long time, but because SaaS platforms are a new, there are fewer options available to effectively defend SaaS apps and platforms. In response, the industry has developed improved ways of monitoring SaaS platforms, as well as innovative ways of enforcing user-access. This helps reduce cyber risks associated with SaaS adoption, but cybercriminals are well ahead of the curve when it comes to infiltrating SaaS apps and platforms. For the foreseeable future, the advantage will skew in favor of cybercriminals until more SaaS defense measures are adopted globally.”
Akhil Mittal senior security consulting manager
unknown to security teams. “To prevent SaaS breaches,
organisations must address the entire SaaS security lifecycle, encompassing application posture and identity security. Posture management reduces exposure by minimising risks like over-privileged users or configuration drift. Identity security protects identities across the kill chain, reducing spear phishing risks, blocking token compromises, and enabling rapid detection and response before any data is exfiltrated. Effective SaaS security requires detailed context about users, applications, and data for fast and complete mitigation.” Sophie Sayer, sales director at IT Governance Ltd, says that staying ahead of cybercriminals requires significant investment, ongoing vigilance and adaptability. “As attack methods become more sophisticated and skilled cyber security professionals remain in short supply, protecting business systems becomes increasingly difficult,” she says. “At a minimum, organisations should have a Cyber Incident Response Plan in place to enable a rapid response and recovery when a breach occurs. Such a plan is essential, as breaches are no longer a matter of ‘if’ but ‘when’. “While the challenge is persistent,
Adam Brown managing security consultant
blackduck.com
“
As attack methods
become more sophisticated and skilled cyber security professionals remain in short supply, protecting business systems becomes increasingly difficult.
”
CONTINUED
www.newsinthechannel.co.uk
25
Powered by FlippingBook