Latest Cyber Security News

You are here: Home / General Cyber Security News / New Guide Explains How to Eliminate the Risk of Shadow SaaS and Protect Corporate Data
May 3, 2024

SaaS applications are dominating the company landscape. Their enhanced use enables corporations to press the boundaries of technology and organization. At the same time, these programs also pose a new security risk that security leaders want to address, considering that the present security stack does not allow finish management or complete monitoring of their use.

LayerX has a short while ago produced a new guidebook, “Let There Be Light: Removing the Risk of Shadow SaaS” for security and IT groups, which addresses this gap. The guidebook describes the troubles of shadow SaaS, i.e., the use of unauthorized SaaS applications for perform reasons, and indicates practices and controls that can mitigate them. The guideline also compares different security controls that try to tackle this risk (CASB, SASE, Safe Browser Extension) and points out how every a single operates and its efficacy. Therefore, the manual is a will have to-read for all security leaders at fashionable companies. Here are the key highlights:

What is actually the Risk?

According to LayerX, 65% of SaaS apps are not authorised by IT and 80% of employees confess to applying unapproved applications. This signifies that the vast majority of companies are dealing with their corporate info remaining likely exposed to external threats.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


The three most important pitfalls posed to organizations are:

  • Info Decline – Exposure of sensitive data as a result of numerous SaaS apps. These include things like ChatGPT or other GenAI apps, spelling checkers, apps that enable take care of knowledge information, and so on. This leakage could be inadvertent by way of “harmless” applications. Alternatively, it could be the final result of employees applying maliciously developed SaaS apps, meant to be utilized as a decoy and to lure workers to share sensitive details.
  • Identification Theft and Account Takeover – Destructive entry to company qualifications. This takes place when workers login to SaaS apps with their operate email messages and, normally, a recycled password, and attackers get this details.
  • Compliance and Privacy Violations – Violation of privacy laws because of to the exposure of private and delicate details throughout community channels.

    • Shadow SaaS Mitigation Suggestions

    To address the risk of shadow SaaS, the manual introduces a 3-pronged tactic: App Discovery, Consumer Checking, and Lively Enforcement. Each factor is dissected and explored, offering viewers with a obvious roadmap to proficiently shield their systems and methods.

    As a element of this exploration, the tutorial compares two alternatives for shadow SaaS mitigation: the standard Proxy tactic and the Browser-based solution. Every approach is damaged down into pros and downsides, equipping visitors with the facts they need to have to make your mind up which path ideal suits their organizational requires.

    At a glance, here is what the comparison boils down to (you can study the comprehensive investigation in the manual:

    App Discovery
    Consumer Monitoring
    Energetic Enforcement

    Proxy (SASE, CASB)
    Y
    N
    Partial

    Safe Browser Extension
    Y
    Y
    Y

    Protected Browser Extensions

    In the end, Safe Browser Extensions arise as the most extensive and user-welcoming option for combating shadow SaaS. These extensions empower IT and security teams to get back command of their SaaS environment, while supplying visibility and governance of SaaS application use. This guarantees a protected still adaptable workspace.

    Here is how safe browser extensions operate:

  • Discovery of All SaaS Applications – The protected browser extension performs continuous evaluation of browser sessions, exhibiting IT teams which SaaS applications the workforce is accessing.
  • Identity Security Posture Hardening – The safe browser extension can integrate with the cloud identity provider and act as an extra authentication factor. This prevents attackers with compromised credentials from accessing.
  • Alerts on Critical Alterations – The safe browser extension can also identify when a new consumer account is made. Then, an notify is induced so the identity workforce can analyze these apps and figure out whether they align with the organization’s security procedures or not.
  • Governance and Regulate – The safe browser extension can block obtain to applications that are flagged as dangerous and block knowledge add from the user’s device to the dangerous application.

    • SaaS apps are easy to use and they gain the organization’s operations. Security and IT groups who aspire to be business enablers will need to obtain strategies to allow for the use of SaaS applications, even though guaranteeing safety of corporate environments. A secure browser extension is the solution that can supply both. To master a lot more, read through the total tutorial.

    Uncovered this write-up fascinating? This short article is a contributed piece from one particular of our valued associates. Comply with us on Twitter  and LinkedIn to read a lot more exceptional content we write-up.


    Some pieces of this article are sourced from:
    thehackernews.com

    Reader Interactions

    Leave a Reply

    Your email address will not be published. Required fields are marked *