10 Ways to Take Control of SaaS Apps and Shadow IT
Identify Employee-Supplied Apps
IT can define and enforce a cloud security strategy only if it is aware of the applications in use. It’s essential to discover cloud apps that employees provision on their own.
App-Associated Risks
Once you have discovered an employee-supplied app, know it’s security practices, data center location and regulatory compliance obligations. Know how employees use it and whether they have configured the application security settings to your policies and industry best practices.
Step-Up Authentication
Because users access cloud apps from off-site, via mobile, and over insecure networks, evaluate potential risks in context and automatically apply additional security measures, like a one-time passcode.
Corporate and Personal Mobile Access
Employees access cloud apps from corporate and BYOD devices, which contain copies of sensitive documents and are especially vulnerable to attacks. Cloud app providers don’t distinguish between managed or unmanaged BYOD devices–but enterprises should.
Monitor User and Administrator Activity
To protect data stored in the cloud, know what’s there, who’s accessing it and what they are doing. Administrator or “privileged” accounts are hackers’ targets, so watch the watchers when it comes to SaaS apps.
Watch for Account Takeovers
Hackers are focusing on stealing cloud app credentials to walk in the “front door.” Consider adding capabilities that detect anomalous activity to prevent account takeover attacks.
Know Where Company Data Is
Data centers are spread across the globe, so information may get placed in jurisdictions your corporate governance policies or security compliance mandates do not permit. Obtain up-to-date reports on where cloud service providers store data and make an informed decision about whether to sanction their use.
Extend SIEM to the Cloud
Security Incident and Event Management (SIEM) systems are critical for correlating data to understand risk and identify potential threats to data center resources. But cloud applications operate outside the range of enterprise SIEM deployments. Aggregate standardized activity logs across cloud apps to extend SIEM to the cloud.
Implement Controls to Enforce Security Policies
In the layers of security implemented to protect the on-premises data center typically do have no impact on cloud apps, so IT lacks the ability to define consistent usage and access policies across all cloud apps and cannot effectively enforce them. Cloud Access Security Brokers can help.
Pay Attention to User Accounts
Identify them before malicious insiders, ex-employees or hackers get to them. Abuse of orphaned or dormant accounts can go on for a long time, leaving the organizations foldable to data exfiltration and exposure of sensitive data and corporate secrets.
