SaaS Security: Gartner's 5 Tips For IT Pros - InformationWeek
8/15/2016
11:06 AM

SaaS Security: Gartner's 5 Tips For IT Pros

Cloud services present a major challenge to IT professionals charged with safeguarding their organizations. These 5 steps can help managers bridge the gaps in SaaS security.

IT managers trying to protect their businesses are challenged to apply the same corporate security tactics used in-house to their public cloud deployments, according to a new report from Gartner.

More organizations are moving to mobile and software-as-a-service (SaaS) applications as part of the digital transformation process, according to Gartner. This is a necessary step, but one that often leaves security gaps traditional IT solutions cannot fill.

In particular, IT managers face a major challenge in the large number of cloud applications procured without their knowledge -- a practice known as Shadow IT. Many of these services lack sufficient enterprise controls, and security practitioners are unsure of how to secure them all.

"The heart of the issue is that most organizations are moving to a relatively large ecosystem of cloud service providers, rather than a monoculture," said Gartner research VP Craig Lawson in a statement. The influx of cloud apps can do more harm than good.

"Creating and maintaining a security policy on a per-cloud-service basis is more than a chore when hundreds of cloud services are in use -- it quickly becomes a high source of risk," Lawson explained in the statement.

The trend has escalated to the point where the growth of cloud and mobile adoption has surpassed the control IT organizations have over their risk exposure. As a result, user behavior is a greater concern than vulnerabilities inherent to any cloud service provider.

Most businesses try to address the wrong SaaS risks, Gartner found. For example, IT managers are more likely to focus on provider security failure -- which is relatively unlikely -- than to address how they manage their own users and data.

When IT departments attempt to limit SaaS use within the enterprise, their efforts are often insufficient. They may cause users to find less secure alternatives. On top of this, their processes for buying SaaS products fail to meet the need for user, activity, and data controls.

Cloud vendors add to the IT challenge by not offering many assurances for their security features. Customers are left responsible for implementing native or third-party security measures. Many cloud services don't offer security policy tools to span cloud services outside their own.

(Image: Mattjeacock/iStockphoto)

It's critical for security practitioners to do everything they can to minimize the risk of SaaS security gaps within their organizations. These five steps, as recommended in Gartner's report, can help security managers tighten cloud security and keep their organizations safe:

  • Leverage Cloud Access Security Brokers: These can help IT managers pinpoint unauthorized SaaS apps and help them decide whether the apps should be replaced. CASBs give managers a single control point to manage risk across a set of cloud services.
  • Recommend business-ready cloud services: Security standards will be better addressed by services that align with your organization's specific technical needs.
  • Use third-party tools: Built-in tools and third-party services alike can boost the security of corporate data across cloud services and SaaS apps.
  • Support enterprise agility: Security pros can support enterprise agility by showing how IT can change as quickly as the business can.
  • Use threat protection: IT managers should launch the threat protection features of CASBs and Identity-as-a-Service (IDaaS) to cover cloud-based services that existing security solutions cannot access.

Have you faced challenges with cloud and SaaS security in your organization? Are these measures enough to help you mind the gaps? Are there other tips and tricks that have worked for you? Tell us about it all in the comments section below.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ...
