The Sysadmin’s Guide to Securing Your SaaS Apps

As an admin, app security should be a top priority - but SaaS apps represent a difficult challenge in that regard. How can you protect your business from their risks, while enjoying all their rewards?

Within the average enterprise, there are 508 unique cloud applications in use. That number’s overwhelming enough on its own without considering that 88% of those applications aren’t enterprise ready, or the fact that one in five cloud applications has data sharing as a core functionality. Allowing your employees to use these apps freely is like installing a screen door on the side of a boat - sure, it might not sink your organization, but it’s still a huge risk.

Of course, the challenge is that where SaaS apps are concerned, you as an administrator have very little control. People are going to rely on the functionality these apps offer in an effort to get their jobs done. That’s inevitable.

The only thing you can control is whether or not your data is protected as they do so. At its core, that’s tied to whether or not your users look upon you as a productivity enabler or just another obstruction. Let’s talk about how you can be the former.

Talk To Your Users

If your users are employing third-party, consumer-grade SaaS apps in the workplace, then it’s blindingly clear that they have some productivity need your business’s standard tools aren’t meeting for them. You have to find out what that need is - determine the functionality your users require in order to do their jobs effectively. I guarantee that for every single insecure app your users employ, there’s an enterprise-ready alternative just waiting to be implemented. And it’s up to you to find them.

But that’s only the tip of the iceberg.

Improve Your Authentication Process

There’s a simple term I’d like you to familiarize yourself with: Single Sign On. Your end goal here is to make your entire SaaS application suite part of one platform, in a sense - to allow your users to access every single application they need to get their job done while only requiring them to authenticate once. On the surface, that may sound like a huge security breach waiting to happen.

Improperly implemented, it most assuredly is. But here’s the thing - single sign on can actually be incredibly secure if you make use of multi-factor authentication. Consider the following authentication process, which layers several ‘security barricades’ but nevertheless remains simple for the user:

  • An employee wishes to access their business’s SharePoint repository via smartphone. When they attempt to access the system, it immediately recognizes the device they’re using - it’s been registered as ‘trusted.’
  • Said employee is then prompted for their fingerprint. They use the fingerprint scanner on their smartphone.
  • Finally, they’re prompted to enter a four-digit PIN or username/password.
  • Once they’ve done all this, they can access not only the SharePoint repository, but every other SaaS app employed by their organization until the authentication period expires (something which can be controlled by IT).

That’s actually a pretty barebones process - you can make things even more complex by introducing features such as access time and access location into the mix. But from the employee’s perspective, it’s pretty seamless. They simply log in, swipe their fingerprint, enter their PIN, and they’re done.

Better yet, the multiple checks and balances ensure that if someone does try to crack your system, they need not only to possess the employee’s physical device (which can easily be reported as lost or stolen), but also their fingerprint and their login info.

Sure beats using RSA Tokens and Smartcard Readers, doesn’t it?
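To make the flow above concrete, here is an added illustration (not code from the original post or from any product it mentions) of how an SSO policy check can be written: each factor is tested in the order the post describes, a session is issued only when every factor passes, and that one session unlocks the whole app suite until the IT-controlled authentication period runs out. The trusted-device registry, the app list, the 8-hour session lifetime, and the access-hour and location rules are all constructed assumptions for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Constructed sample data: devices IT has enrolled as 'trusted', keyed by device id -> owning user.
TRUSTED_DEVICES = {"phone-7f3a": "alice", "laptop-91c0": "bob"}

# The SaaS suite that one successful sign-on unlocks (constructed list).
SSO_APPS = {"sharepoint", "crm", "helpdesk"}

# IT-controlled authentication period (assumption: 8 hours).
SESSION_TTL = timedelta(hours=8)

# Optional contextual rules (assumption: 06:00-22:00 UTC, and only from the listed countries).
ALLOWED_HOURS = range(6, 22)
ALLOWED_COUNTRIES = {"US"}


@dataclass(frozen=True)
class AuthAttempt:
    user: str
    device_id: str        # something the user has
    fingerprint_ok: bool  # something the user is
    pin_ok: bool          # something the user knows
    when: datetime        # time of the attempt (UTC)
    country: str          # geo-resolved location of the attempt


@dataclass(frozen=True)
class Session:
    user: str
    issued: datetime
    expires: datetime


def evaluate(attempt: AuthAttempt, check_context: bool = False) -> tuple[Optional[Session], str]:
    """Walk the factors in order; every one must pass before a session is issued.

    Returns (session, reason). The reason names the failing check so it can be
    logged and alerted on; a stolen device alone never gets past the biometric step.
    """
    if TRUSTED_DEVICES.get(attempt.device_id) != attempt.user:
        return None, "device not registered as trusted for this user"
    if not attempt.fingerprint_ok:
        return None, "biometric check failed"
    if not attempt.pin_ok:
        return None, "PIN/password check failed"
    if check_context:
        if attempt.when.hour not in ALLOWED_HOURS:
            return None, "outside permitted access hours"
        if attempt.country not in ALLOWED_COUNTRIES:
            return None, "outside permitted access locations"
    return Session(attempt.user, attempt.when, attempt.when + SESSION_TTL), "authenticated"


def authorize(session: Session, app: str, now: datetime) -> bool:
    """Any app in the SSO suite is open to the holder of an unexpired session."""
    return app in SSO_APPS and now < session.expires


def demo() -> dict:
    """Constructed scenarios; returns the decisions so they can be checked."""
    t0 = datetime(2024, 3, 4, 9, 30, tzinfo=timezone.utc)
    good = AuthAttempt("alice", "phone-7f3a", True, True, t0, "US")
    session, reason = evaluate(good, check_context=True)
    return {
        "good": reason,
        "crm_in_period": authorize(session, "crm", t0 + timedelta(hours=1)),
        "crm_after_period": authorize(session, "crm", t0 + timedelta(hours=9)),
        "unknown_app": authorize(session, "payroll", t0),
        # Possessing the phone is not enough: the biometric step still fails.
        "stolen_device": evaluate(AuthAttempt("alice", "phone-7f3a", False, True, t0, "US"))[1],
        # Correct fingerprint and PIN on an unenrolled device are refused.
        "unenrolled_device": evaluate(AuthAttempt("alice", "phone-0000", True, True, t0, "US"))[1],
        # Contextual checks: right person, wrong hour / wrong country.
        "night": evaluate(AuthAttempt("alice", "phone-7f3a", True, True, t0.replace(hour=2), "US"), True)[1],
        "abroad": evaluate(AuthAttempt("alice", "phone-7f3a", True, True, t0, "FR"), True)[1],
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The point of returning a reason string rather than a bare True/False is operational: failed device, biometric, or location checks are exactly the events a security team wants in its logs, and keeping them distinct makes it possible to alert on a burst of "device not registered" failures against one account without drowning in ordinary typo-the-PIN noise.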

Rethink Your Protocols

According to Search Cloud Computing, insecure access protocols are one of the most significant security risks facing SaaS applications in the enterprise. With that in mind, what are you doing to protect your remote employees? Are you using Telnet or FTP? Have you neglected to set up a secure tunnel or VPN?

You’d best answer those questions before going further—because even if your applications are secure, they can still leak data over an unsecured connection.

Containerize Critical Applications

Given how many employees want to use their personal devices in the workplace, I’d strongly advise that you look into some form of containerization solution - some way to lock off business applications and accounts from personal ones on a user’s smartphone. App-based containerization has actually come a long way in recent years, and there are several solutions on the market that are completely managed by IT and rely solely on centralized security controls.

That means no on-device encryption for hackers to break through, and no need for you to worry about a consumer app leaking critical data from an enterprise app (though admittedly, this risk is relatively minor with SaaS applications compared to traditional mobility).

Keep Your Head Out Of The Clouds Where Security’s Concerned

SaaS applications have become central to the workplace. As an administrator, it’s your job to ensure that they don’t represent a security risk, because your employees are going to use them no matter what you do.

By Tim Mullahy, General Manager of Liberty Center One
