SSPM: A Partial Solution to Protecting Data in the Era of SaaS Collaboration
Yael Yair Cohen
April 3, 2023
The explosion in SaaS collaboration tools adoption such as Slack, Microsoft 365 or Google Workspace, GitHub, has forced significant changes in how organizations operate, leading to on-going digital transformations. Traditional data security protocols and solutions are rigid, relying entirely on one-dimensional rules that don’t take into account the vast reams of unstructured data flowing to both internal and external users.
SaaS security posture management (SSPM) presents a partial solution, that refers to the process of managing and maintaining the security of SaaS applications used by an organization, to ensure that they meet the organization’s security standards and requirements. The goal of SSPM is to provide a comprehensive and ongoing assessment of the security posture of SaaS applications to ensure that they are effectively protected against cyber threats.
One of the biggest cyber threats that will eventually follow in data breaches is 3rd party contractors, which will get access to sensitive data.
Take for example a contractor, with access to critical SaaS tools such as GitHub and Slack (as a guest user). The lack of control and weak security combined with the fact that the organization may have limited control over its activities might put your organization at risk. Furthermore, managing all the contractors’ permissions might result in misconfiguration, such as over permissions for a former contractor.
That’s where Reco comes in. We at Reco provide a solution for automatically discovering sensitive information in critical SaaS collaboration tools, using advanced analytics to map, classify, and tag data, including sensitive private GitHub repositories.
We enable users to define relevant policies, so they will be alerted of all the related violations. See for example, how in this case the security team will be alerted about unjustified access of an inactive contractor.
Another key point is the context, we at Reco are able to understand the context of an action (so will ignore a large majority of actions) reducing the number of alerts. This will then save the organization time in remediating these issues, enabling quicker resolution for genuinely malicious actions, less stressed security teams, smoother workflows, and less intrusive security overall.
Reco takes the analysis to the next level by correlating the sensitivity of the data with the relevant context, including all of the indicators surrounding a user, as well as the interactions between the data in question and other users involved.