The Future of SaaS Security is Here: Intelligent SSPM to Safeguard Your Sensitive Data
Yael Yair Cohen and Gal Nakash
April 12, 2023
Empowering Our SaaS Data Defenders
The convenience of using SaaS-based storage services like Google Drive has revolutionized the way we store and share files. However, with this convenience comes the risk of inadvertently exposing sensitive information to the public. For example, if someone shares a file or folder with the wrong person or forgets to restrict access to sensitive information, it could end up being publicly accessible. Publicly exposing a file on Google Drive, or sharing it by private email, can pose several risks, including data breaches, malicious use by cybercriminals, intellectual property theft, and reputation damage.
Moreover, SaaS applications can be hard to control, because you are entrusting your data and applications to a third-party provider who controls the infrastructure and management of the software. This can create a situation where you may not have full visibility or control over how your data is managed, secured, and processed.
A well-known partial solution is SSPM (SaaS security posture management), which provides visibility into the security of SaaS applications, identifies potential vulnerabilities by monitoring their security posture, and usually offers remediation steps to mitigate the risks.
To protect against these risks, it is important to detect and mitigate them. We at Reco provide a data security solution that has proved effective in detecting and mitigating the risks associated with publicly exposed files on Google Drive, among other security risks and SaaS applications.
In this case, when a file is publicly exposed on Google Drive, we recognize whether the file is sensitive. If it is, we raise an alert so that immediate action can be taken to remove access permissions for unauthorized users, and an auto-revocation process can be set up to ensure the files remain secure in the future.
Furthermore, we will detect exposure caused by external access from external users and alert immediately, providing a comprehensive view of all the files and assets exposed publicly by the same users. Take, for example, several user accounts belonging to the same person: Reco will detect such anomalies and alert the security team.
Another key point is context. Although SSPM provides some visibility, its main issue is the lack of context, and it is context that ultimately provides valuable insight.
Reco will provide the relevant context, which will reduce the number of alerts and save the organization time in remediating these issues, enabling quicker resolution for genuinely malicious actions, less stressed security teams, smoother workflows, and less intrusive security overall. Each alert generated by our system will contain all the relevant details, such as the users involved, the assets affected, and other pertinent information necessary for risk mitigation.
Thus, Reco will provide a detailed report on the users, supplying the right tools to understand who each user is, what their interactions are, which assets and apps they have access to, and how to act to mitigate the risk.
Consider the scenario of an employee who is leaving the company. As part of the off-boarding process, it is necessary to revoke their access to all accounts, including Google Drive. However, if the employee had shared any assets in Google Drive with their personal email account, they will still have access to those files. This highlights the importance of maintaining complete visibility over the employee’s actions, assets, and interactions, even after they have left the company.
Another tool Reco provides is the policy mechanism, which is designed to work in conjunction with the contextual information we provide in order to prevent security risks. We enable users to define relevant policies so that they are alerted to all the related activities for a specific user.
For example, in the case discussed, the security team will be alerted about several accounts belonging to the same person, which might increase the security risk and insider risk, and can prevent that person from using their privileges across different accounts to perform unauthorized actions or access sensitive data. Having multiple accounts for the same person increases the attack surface and makes it more challenging to maintain proper security controls and oversight.
Such incidents highlight the importance of implementing effective security measures and regular monitoring for any unauthorized access to sensitive data.
Reco’s data security solution provides the necessary comprehensive security measures to protect against such incidents and mitigate the risks associated with them.