SaaS SECURITY
Security service Software-as-a-Service is becoming increasingly popular among businesses for its efficiency and cost effectiveness, but security is a concern for these environments and it is something that must be carefully planned.
Software-as-a-Service (SaaS) has become increasingly popular for many businesses, especially since the pandemic and the rise of hybrid working. SaaS applications allow communication and collaboration, help businesses manage internal operations more efficiently and allow them to rapidly innovate. “They are one of the foundation stones of seamless hybrid working; the average medium- to-large UK organisation has over 40 SaaS apps deployed,” says Alex Mann, channel sales manager UK & North at CyberArk. But while this is helping businesses to be more efficient, it does present threats, he adds. “The cybersecurity threat inherent to the usage of SaaS apps lies in how widely they are used, and what they are used for,” Alex says. “They are often business- critical, including revenue-generating customer-facing applications, ERP, CRM or financial management software. A 2023 CyberArk survey found that nearly half of UK organisations don’t secure access to these apps properly, which essentially means they are vulnerable to targeted attacks that have compromised identity security. “One of the main reasons for this is almost certainly the old security bugbear of Shadow IT; it’s relatively easy for an individual to buy a subscription with a credit card without going
through formal procurement processes or involving finance or IT. When IT security teams don’t approve, manage or even know about the extent of the SaaS landscape, the risk of exposure and data breaches can increase substantially.” Becky Stables, manager at Catalyst BI, a business intelligence consulting agency that manages data clouds for organisations, adds: “As they grow in popularity among organisations, cybercriminals have focused their efforts on exploiting the vulnerabilities of SaaS to obtain valuable business data.” She says there are four common ways this is done: l Data breaches: Cybercriminals try to breach SaaS applications to access sensitive business data, including customer information, financial data and intellectual property. This risks an organisation having its information exposed, causing serious financial loss and damage to the reputation of the business l Phishing emails: SaaS accounts can be accessed via stolen credentials. These account details can be obtained by cybercriminals who use phishing emails and messages to trick employees into revealing their logins. This allows cybercriminals to gain control of the account and potentially
“
As they
grow in popularity among organisations, cybercriminals have focused their efforts on exploiting the vulnerabilities of SaaS to obtain valuable business data.
”
CONTINUED
30
Powered by FlippingBook