SaaS application users and logins are potential threats; whether they are bad actors or potentially disgruntled former colleagues, identity management and access control are critical to preventing unwanted or mistaken entry into an organization's data and systems.
With enterprises having thousands of users and hundreds of different applications, securing every entry point and user role is no easy task. Security teams need to monitor all identities to ensure user activity complies with their organization's security guidelines.
Identity and access management (IAM) solutions manage user identities and control access to enterprise resources and applications. As identity becomes the new perimeter, ensuring this area is managed by security teams is critical.
Gartner recently named a new security discipline called Identity Threat Detection and Response (ITDR), which combines detection mechanisms to investigate suspicious state changes and activity, and respond to attacks to restore the integrity of the identity infrastructure.
ITDR combines a strong SaaS security IAM governance approach with best practices in SaaS security posture management solutions (SSPM) to enable security teams to gain continuous and comprehensive visibility into user accounts, permissions and privileged activity across the SaaS stack, For example:
Determine who is accessing what, when, and with the correct permission levels
Forensics related to user actions, focusing on privileged users
Continuous and automatic discovery and integration of roles
Resizing roles by revoking unnecessary or unwanted access
Whether you are a CISO, IT, or a governance, risk, and compliance (GRC) team, this article will explain the role of identity and access management governance in your organization's SaaS security program.
What is IAM governance
IAM Governance enables security teams to take action on issues that arise by continuously monitoring the company's SaaS security posture and access control enforcement.
SSPM (like Adaptive Shield) can manage identity and access management governance in a few key prevention areas: 1) misconfiguration 2) vulnerability 3) exposure.
Misconfiguration
IAM controls need to be configured correctly on an ongoing basis. IAM configurations should be monitored for any suspicious changes and ensure appropriate steps are taken to investigate and remediate where relevant.
For example, an organization can enable MFA across the entire organization without requiring it. This gap in policy implementation can put the organization at risk—and SSPM can alert security teams to this gap.
loopholes
SSPM solutions can leverage patching or compensating controls to address commonly exploited vulnerabilities in identity infrastructure, such as SaaS users' devices. For example, privileged CRM users can pose a high risk to a company if their devices are vulnerable. To remediate potential threats from devices, security teams need to be able to correlate SaaS application users, roles, and permissions with the health of their associated devices. This end-to-end strategy provides a holistic zero-trust approach to SaaS security.
Another critical vulnerability stems from authentication protocols where password access is limited to single-factor authentication methods, such as legacy protocols such as IMAP, POP, SMTP, and Messaging API (MAPI). SSPM can identify where these protocols fit into an organization's SaaS stack.
exposed
SSPM helps reduce the attack surface by identifying and reducing exposure locations. For example, remove unnecessary or excessive permissions, or allow external administrators to manage critical business applications.
Additionally, 3rd party application access (also known as SaaS-to-SaaS access) can leave organizations exposed. Users connect one application to another to provide enhanced functionality or user information (such as contacts, files, calendars, etc.). This connectivity improves workflow efficiency so employees’ workspaces are connected to a host of different applications. However, security teams often have no idea which applications are connected to their organization’s ecosystem and are unable to monitor or mitigate any threats.
Original article by batsom, if reproduced, please credit: https://cncso.com/en/the-core-of-saas-security-html