By: Isaac Msiska
Without a doubt, the advent of Software as a Service (SaaS) completely transformed the conventional way of accessing and running applications. Whether you are a simple end-user who wants a professional software subscription service such as Office365 or a corporate organization seeking to leverage the power of enterprise solutions such as Cisco Webex, SaaS is right at your service. Besides erasing the pain of maintaining software installed on on-premises machines, SaaS is cost-effective. It lets users access updated, feature-rich software services delivered through the cloud at rates that suit their financial capacity. Many SaaS vendors price their services according to tailored specifications, so users can choose a package that falls within their budget constraints. There is more: the tailored specifications mean that users can select only those features that are relevant to their work.
But this is not what this article is focusing on.
Amidst the excitement of migrating to SaaS and dumping the legacy system of owning and running software, security deserves serious consideration. It is easy to be caught up in the great leap to SaaS without stopping to think about how to prevent unforeseen data breaches, cyber-theft or threats posed by malware.
This is what this article is focusing on.
The trajectory in SaaS security has shifted
SaaS is rapidly gaining virtual ground. 2017 estimates from the International Data Corporation (IDC) predicted that spending on public cloud infrastructure would increase by more than 20 percent per year, with around 60 percent of that growth coming from SaaS. The speed at which companies, businesses, and home users are adopting SaaS gives us a distant yet clear glimpse into the future of this software solution. The spiraling number of SaaS adopters also gives hackers and cybercriminals alike an attractive opportunity to exploit SaaS for dark gains.
It is a no-brainer that using SaaS involves exchanging sensitive information. A ‘SaaS-y’ example of this is the Microsoft Exchange Online email solution, where sensitive data is transmitted back and forth between users. McAfee’s 2019 Cloud Adoption and Risk Assessment report specifies that nearly a quarter of data in the cloud is sensitive. Herein lies another danger. Given those figures, and considering that SaaS is closely aligned with cloud services, there is a high risk of sensitive information falling into the wrong hands if SaaS security is flawed.
Compromised SaaS environments present a gaping hole through which confidential information can easily leak into the public domain. The threat is real. A study by Sophos revealed that exposed data accounted for 29 percent of common attacks on companies that host data in the cloud. Leaving your SaaS security unattended will only give hackers the leeway to seize control of your SaaS applications or accounts, steal valuable credentials or create backdoors to spy on you. In the grand scheme of SaaS, data breaches are a clear and present danger. Data breaches may be the worst nightmare for SaaS users, but they are not the only threat peeping through the keyhole. Unchecked SaaS security can also leave the door wide open to all types of malware attacks you can possibly imagine.
Keeping your SaaS secure
Some SaaS users assume that the security of their SaaS solution is solely the responsibility of the SaaS provider. No. Security is a two-way thing that rests in the hands of both the vendor and the ultimate end-user. While the SaaS provider carries the largest share of the security responsibility, end-users need to play their part to create a completely secure environment in the SaaS setting. The question is how?
One effective way of bumping up the security of SaaS accounts is Identity and Access Management (IAM). IAM controls who can access which sections of your SaaS data and applications. Robust IAM systems give controllers the ability to restrict which devices have access to the system and to block particular users from transmitting specific information, whether within or outside the business. IAM protects systems from leakage of sensitive data and keeps security breaches at bay. By creating a central point of security control that keeps tabs on who is accessing what data, how they are using it, and from which devices, IT controllers gain the proactive advantage of identifying, responding to, and mitigating security breaches in the SaaS platform.
Nothing puts data at greater risk than compromised accounts. Did you know that 92 percent of organizations have stolen cloud credentials for sale on the Dark Web? It is because of frightening stats like these that cybersecurity experts developed the Multifactor Authentication (MFA) mechanism. MFA regulates access to the SaaS system and apps by ensuring that the login request is coming from the appropriate user. Multifactor Authentication requires users to prove their legitimacy and credentials through multiple stages that involve, for example, answering security questions and providing a security token from a registered physical device. One type of MFA is Two Factor Authentication (2FA). Activating MFA adds an extra level of security to SaaS accounts by blocking unauthorized access.
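The IAM and MFA controls described in the two paragraphs above can be pictured as one central access decision that also keeps an audit trail. The following is an added illustration, not code from this article or from any SaaS vendor; the users, devices, resources and function names are all hypothetical.

```python
from dataclasses import dataclass

# Constructed identity store; every user, device and resource name is hypothetical.
USERS = {
    "alice": {"role": "finance", "devices": {"laptop-01"}, "no_share": {"payroll"}},
    "bob": {"role": "support", "devices": {"laptop-07", "phone-02"}, "no_share": set()},
}
ROLE_RESOURCES = {"finance": {"invoices", "payroll"}, "support": {"tickets"}}
AUDIT_LOG = []  # central record: who, from which device, what data, how it was used

@dataclass
class Request:
    user: str
    device: str
    mfa_passed: bool  # outcome of the second-factor check, performed elsewhere
    resource: str
    action: str       # "read" or "share"

def decide(req):
    """Return (allowed, reason) and record the decision in the audit log."""
    account = USERS.get(req.user)
    if account is None:
        verdict = (False, "unknown user")
    elif req.device not in account["devices"]:
        verdict = (False, "unregistered device")
    elif not req.mfa_passed:
        verdict = (False, "MFA not completed")
    elif req.resource not in ROLE_RESOURCES.get(account["role"], set()):
        verdict = (False, "role lacks access")
    elif req.action == "share" and req.resource in account["no_share"]:
        verdict = (False, "sharing blocked for this user")
    else:
        verdict = (True, "allowed")
    AUDIT_LOG.append({**vars(req), "allowed": verdict[0], "reason": verdict[1]})
    return verdict

def denials_for(user):
    """Audit view: the reasons this user's requests were refused, in order."""
    return [e["reason"] for e in AUDIT_LOG if e["user"] == user and not e["allowed"]]

if __name__ == "__main__":
    for r in [Request("alice", "laptop-01", True, "payroll", "read"),
              Request("alice", "laptop-01", True, "payroll", "share"),
              Request("alice", "tablet-99", True, "invoices", "read"),
              Request("bob", "phone-02", False, "tickets", "read")]:
        print(r.user, r.resource, r.action, decide(r))
    print("alice denials:", denials_for("alice"))
```

The role is looked up from the identity store rather than taken from the request, so a caller cannot claim a role it does not hold.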
Corporate organizations that have the resources and capacity may consider using the Management Service Providers (MSP) approach. As companies that specialize in managing IT infrastructures and services on behalf of end-users, MSPs are indispensable assets in SaaS security. Outsourcing the security aspect of your SaaS to a third-party provider not only takes the load off your shoulders, but also gives you the assurance that the system is being monitored by experts.