10 Ways to Take Control of SaaS Apps and Shadow IT

 
 
By Karen A. Frenkel  |  Posted 04-10-2015

  • Identify Employee-Supplied Apps

    IT can define and enforce a cloud security strategy only if it is aware of the applications in use. It's essential to discover cloud apps that employees provision on their own.
  • App-Associated Risks

    Once you have discovered an employee-supplied app, know its security practices, data center location and regulatory compliance obligations. Know how employees use it and whether they have configured the application security settings to your policies and industry best practices.
  • Step-Up Authentication

    Because users access cloud apps from off-site, via mobile, and over insecure networks, evaluate potential risks in context and automatically apply additional security measures, like a one-time passcode.
  • Corporate and Personal Mobile Access

    Employees access cloud apps from corporate and BYOD devices, which contain copies of sensitive documents and are especially vulnerable to attacks. Cloud app providers don't distinguish between managed or unmanaged BYOD devices–but enterprises should.
  • Monitor User and Administrator Activity

    To protect data stored in the cloud, know what's there, who's accessing it and what they are doing. Administrator or "privileged" accounts are hackers' targets, so watch the watchers when it comes to SaaS apps.
  • Watch for Account Takeovers

    Hackers are focusing on stealing cloud app credentials to walk in the "front door." Consider adding capabilities that detect anomalous activity to prevent account takeover attacks.
  • Know Where Company Data Is

    Data centers are spread across the globe, so information may get placed in jurisdictions your corporate governance policies or security compliance mandates do not permit. Obtain up-to-date reports on where cloud service providers store data and make an informed decision about whether to sanction their use.
  • Extend SIEM to the Cloud

    Security Incident and Event Management (SIEM) systems are critical for correlating data to understand risk and identify potential threats to data center resources. But cloud applications operate outside the range of enterprise SIEM deployments. Aggregate standardized activity logs across cloud apps to extend SIEM to the cloud.
  • Implement Controls to Enforce Security Policies

    The layers of security implemented to protect the on-premises data center typically have no impact on cloud apps, so IT lacks the ability to define consistent usage and access policies across all cloud apps and cannot effectively enforce them. Cloud Access Security Brokers can help.
  • Pay Attention to User Accounts

    Identify orphaned or dormant accounts before malicious insiders, ex-employees or hackers get to them. Abuse of orphaned or dormant accounts can go on for a long time, leaving the organization vulnerable to data exfiltration and exposure of sensitive data and corporate secrets.
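
One way to carry out the account review in the last tip, as an added example that is not from the article or from Skyfence: it cross-checks a per-app account export against the HR roster and last sign-in dates. The field names, the sample records and the 90-day dormancy threshold are assumptions.

```python
from datetime import date, timedelta

# Constructed sample: per-app account export (field names are assumptions).
SAAS_ACCOUNTS = [
    {"app": "crm", "user": "alice@example.com", "last_login": date(2015, 4, 1), "admin": False},
    {"app": "crm", "user": "bob@example.com", "last_login": date(2014, 11, 2), "admin": True},
    {"app": "storage", "user": "carol@example.com", "last_login": date(2015, 3, 28), "admin": False},
    {"app": "storage", "user": "dave@example.com", "last_login": None, "admin": False},
]
# Constructed sample: current employees according to the HR roster.
ACTIVE_EMPLOYEES = {"alice@example.com", "bob@example.com", "dave@example.com"}


def audit_accounts(accounts, active_employees, today, dormant_after_days=90):
    """Flag orphaned, dormant and never-used accounts, privileged ones first.

    The 90-day dormancy threshold is an assumed policy value.
    """
    roster = {e.lower() for e in active_employees}
    cutoff = today - timedelta(days=dormant_after_days)
    findings = []
    for acct in accounts:
        reasons = []
        if acct["user"].lower() not in roster:
            reasons.append("orphaned")  # owner is no longer on the roster
        if acct["last_login"] is None:
            reasons.append("never-used")  # provisioned but never signed in
        elif acct["last_login"] < cutoff:
            reasons.append("dormant")  # no sign-in within the window
        if reasons:
            findings.append({"app": acct["app"], "user": acct["user"],
                             "admin": acct["admin"], "reasons": reasons})
    # Administrator accounts sort first: they are the higher-value target.
    findings.sort(key=lambda f: (not f["admin"], f["app"], f["user"]))
    return findings


if __name__ == "__main__":
    for f in audit_accounts(SAAS_ACCOUNTS, ACTIVE_EMPLOYEES, today=date(2015, 4, 10)):
        role = "admin" if f["admin"] else "user"
        print(f'{f["app"]:8} {f["user"]:20} {role:6} {",".join(f["reasons"])}')
```

Run on a schedule against fresh exports, the same check also surfaces accounts that stay active after their owner has left the roster.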
 

The use of SaaS applications is growing globally, as SaaS increases business agility. Cloud-based services are booming in the enterprise and they can be spun up on the fly by an employee with a credit card without involvement from IT or the corporate bureaucracy. Consequently, regulating cloud app use has become a challenge for IT departments, which must adopt measures to discover, monitor and enable employees to be productive when using these apps. According to a recent Gartner report, "90 percent of staff adopters expect SaaS to contribute more than 50 percent of their spending on enterprise applications by 2018." Furthermore, Gartner's 2014 CIO Agenda Report shows that globally, an average of 27 percent of IT spending is from outside the IT budget. Ofer Hendler, co-founder and general manager of Skyfence, an Imperva company, offers 10 tips to help organizations handle staff-provisioned apps–both sanctioned and unsanctioned "shadow IT"–in the enterprise.

 
 
 
 
 
Karen A. Frenkel writes about technology and innovation and lives in New York City.

 
 
 
 
 
 
