As expertise adoption has shifted to be employee-led, simply in time, and from any location or gadget, IT and security groups have discovered themselves contending with an ever-sprawling SaaS assault floor, a lot of which is commonly unknown or unmanaged. This drastically will increase the danger of identity-based threats, and in accordance with a current report from CrowdStrike, 80% of breaches at present use compromised identities, together with cloud and SaaS credentials.
Given this actuality, IT security leaders want sensible and efficient SaaS security options designed to find and handle their increasing SaaS footprint. Listed below are 5 key methods Nudge Safety may also help.
Shut the visibility hole
Realizing the total scope of SaaS apps in use is the inspiration of a contemporary IT governance program. With out an understanding of your complete SaaS footprint, you can’t say with confidence the place your company IP is saved (Did somebody sync their desktop to Dropbox?), you can’t make assumptions about your buyer knowledge (Did somebody add your buyer record to a brand new advertising app?), and also you definitely cannot make sturdy assertions about your manufacturing knowledge (Did somebody clone their atmosphere into a brand new AWS account to recreate a assist concern?).
However, given the tempo of SaaS adoption, it’s a endless, pain-staking activity to gather and keep an correct SaaS stock. Nudge Safety addresses this drawback with real-time, steady SaaS discovery that doesn’t require brokers, browser plug-ins, community proxies, or difficult API configurations. Inside minutes of beginning a free trial, you’ll have a full stock of all SaaS accounts ever created by anybody in your org, together with security context on every app, alerts as new apps are launched, and the power to automate SaaS governance duties.
Handle OAuth dangers
Right now, any worker has the ability at their fingertips to string collectively a number of SaaS purposes and knowledge utilizing no-code / low-code integrations that leverage authorization strategies like OAuth grants. This creates a fancy mesh of SaaS purposes, making it extraordinarily troublesome to reply the elemental query of, “who (and what SaaS purposes) have entry to my company property?” Attackers are benefiting from this complexity to maneuver laterally throughout the SaaS provide chain to get to the crown jewels.
Given this, it is necessary for IT and security groups to usually evaluation the OAuth grants which have been launched for his or her group to establish and deal with overly permissive scopes and app-to-app connections which will run opposite to knowledge privateness and compliance necessities.
This text offers an summary of key steps for analyzing OAuth grants and assessing potential dangers, together with an summary of how Nudge Safety offers the context you’ll want to simplify this course of.
Monitor your SaaS assault floor
Latest high-profile SaaS provide chain breaches at Circle CI, Okta, and Slack mirror a rising pattern in attackers focusing on enterprise SaaS instruments to infiltrate their prospects’ environments. As talked about above, the advanced and interconnected nature of the fashionable SaaS assault floor makes it attainable for attackers to maneuver via the software program provide chain to search out useful property.
Given this actuality, it is necessary to grasp what company property are seen to attackers externally and, due to this fact, may very well be a goal. Arguably, the SaaS assault floor extends to each SaaS, IaaS and PaaS utility, account, consumer credential, OAuth grant, API, and SaaS provider utilized in your group—managed or unmanaged. Monitoring this assault floor can really feel like a Sisyphean activity, on condition that any consumer with a bank card, and even only a company e-mail deal with, has the ability to develop the group’s assault floor in only a few clicks.
Nudge Safety features a SaaS assault floor dashboard to indicate you all externally dealing with property attackers may see, together with SaaS apps, cloud infrastructure, dev instruments, social media accounts, registered domains, and extra. With this visibility, you may take proactive steps to reduce and shield your SaaS assault floor.
Increase SSO protection
Single sign-on (SSO) offers a centralized place to handle workers’ entry to enterprise SaaS purposes, which makes it an integral a part of any trendy SaaS id and entry governance program. Most organizations attempt to make sure that all business-critical purposes (i.e., those who deal with buyer knowledge, monetary knowledge, supply code, and many others.) are enrolled in SSO. Nonetheless, when new SaaS purposes are launched outdoors of IT governance processes, this makes it troublesome to actually assess SSO protection.
Nudge Safety reveals you which of them apps are enrolled in SSO (and which aren’t) together with context on every app so you may appropriately prioritize your SSO onboarding efforts. If you end up able to onboard new apps to your SSO software, Nudge Safety initiates SSO onboarding workflows to make the method simpler.
Prolong MFA utilization
Multi-factor authentication provides an additional layer of security to guard consumer accounts from unauthorized entry. By requiring a number of components for verification, similar to a password and a novel code despatched to a cellular gadget, it considerably decreases the probabilities of hackers having access to delicate info. That is particularly necessary in at present’s digital panorama the place identity-based assaults are more and more frequent.
With Nudge Safety, you may see which consumer accounts do (and do not) have MFA enabled, and ship “nudges” to customers through e-mail or Slack to immediate them to allow MFA for his or her accounts. With the long-tail of purposes typically adopted with out IT oversight, this visibility helps IT groups be sure that SaaS security greatest practices are adopted.
Begin enhancing SaaS security at present
Nudge Safety offers IT and security groups full visibility of each SaaS and cloud asset ever created of their orgs (managed or unmanaged), and real-time alerts as new accounts are created. With this visibility, they’ll remove shadow IT, safe rogue accounts, decrease the SaaS assault floor, and automate tedious duties, all with out impeding the tempo of labor.
Begin a free 14-day trial right here.