
Gartner on the five steps crucial to closing SaaS security gaps

30 Aug 2016

Security leaders know that business goals can be achieved only when the same security principles and governance being applied in-house are also applied to the public cloud.

The trouble is that some cloud services are being procured without the knowledge and control of the enterprise IT organisation. Some of these services don’t have the necessary enterprise security controls in place. Gartner regularly talks to security teams who are dealing with large numbers of cloud applications and services and grappling with how to secure them.

The shift towards mobile and software-as-a-service (SaaS) applications is an important step in the digital transformation journey, but it has left a gap in security and compliance that is not being met by traditional solutions.

Gartner believes that by 2021, 27 percent of corporate data traffic will bypass perimeter security (an increase from 10 percent today) and flow directly from mobile and portable devices to the cloud.

“The heart of the issue is that most organisations are moving to a relatively large ecosystem of cloud service providers, rather than a monoculture,” said Craig Lawson, research vice president at Gartner.

“Creating and maintaining a security policy on a per-cloud-service basis is more than a chore when hundreds of cloud services are in use — it quickly becomes a high source of risk,” said Mr. Lawson.

Many of the key macro IT trends that drive the IT industry are beyond a security organisation’s ability to control or even influence. They’re being driven by end users, the business, buyers in the enterprise outside the IT organisation and enterprise software providers.

“The increasing ubiquity of cloud and mobile adoption can reduce the visibility and control that IT security teams have over organisational risk exposure,” said Mr. Lawson. “User behaviour is becoming a stronger concern than any service provider vulnerabilities on the cloud platform.”

Closing the SaaS security gaps

Security leaders need to proactively ensure that the four main areas of weakness and risk – visibility, compliance, threat prevention and data security – are being addressed for the cloud with the same level of consistency as for on-premises services.

The emergence of cloud access security brokers (CASBs), in conjunction with identity and access management (IAM) as a service (IDaaS), is an opportunity for enterprise security executives to take the lead and be the “yes, and here’s how” leaders in the organisation in relation to cloud adoption.

There are five things you can do to close the SaaS security gaps in your organisation:

  • Proactively recommend cloud services that are business-ready and appropriate for your organisation’s business and technical needs, so that security standards can be addressed.
  • Use in-built or third-party tools to ensure that you’re meeting your organisation’s need to secure data across all sanctioned SaaS applications and cloud services.
  • Use CASBs to reveal unauthorised SaaS applications that are being used and to drive decisions about continued use versus replacement with better alternatives. CASBs provide a single control point to set policy, monitor behaviour and manage risk across the entire set of enterprise cloud services being consumed concurrently, regardless of user or devices.
  • Deploy threat protection features of IDaaS and CASBs to cover cloud-based services that are inaccessible to your existing security technologies.
  • Support your enterprise’s agility by demonstrating IT can change as rapidly as the business.

Article by Susan Moore, Gartner analyst.
