By Matt Hines, VP of Marketing at CipherCloud & Neeraj Nayak, Sr. Product Marketing Manager at CipherCloud
Summary: The rapid uptake of game-changing SaaS applications was transforming the way organizations do business long before COVID-19 emerged and the remote workforce exploded overnight. These key business enablers – including Salesforce, ServiceNow and Workday, among many others – offer indisputable strategic and operational benefits given their cloud orientation. Yet, among the few obstacles to even broader adoption, security and compliance considerations remain tangible challenges, especially as adoption widens after the pandemic. Today’s security practitioners need practical guidelines and technical capabilities that support their expanding SaaS usage.
Most of today’s organizations continue to pursue an aggressive multi-cloud strategy when it comes to engaging popular SaaS apps such as Salesforce, ServiceNow, and Workday, among many others. The key drivers of this adoption are clear as these tools offer best-in-class capabilities for automating critical workflows. From enabling real-time collaboration from any location to offering more efficient operations and pricing models, these SaaS apps have fundamentally changed the way we do business.
Now, with COVID-19 driving a massive expansion of the remote workforce and further emphasizing the inherent value of these platforms, organizations are even hungrier to deepen and optimize their use of the cloud. At the same time, as the use of key enabling SaaS apps continues to increase, so do related security considerations – everything from enforcing proper access to maintaining data security becomes a bigger issue. High-profile data breaches such as the Equifax and Capital One incidents have clearly raised serious concerns around securing data, in particular data held across multiple SaaS apps. Regardless of where data is stored in these tools, it is exposed to zero-days, bad actors, and even more common issues of human error or broken business process. Further complicating this situation is the fact that enterprises rarely, if ever, get to apply a “one-size-fits-all” approach to SaaS app data protection.
To wit, some data by its nature needs to be accessed by a wide group of users, while access to more sensitive data most often needs to be limited to a smaller subset. And there is an almost endless array of use case requirements across every organization, and its partners, creating daunting levels of complexity.
For example, in the healthcare setting, medical records are extremely sensitive and are typically required by law to be protected with specific controls. Yet, to enable the business and support legitimate workflows, proper data protection depends on finite matters of context. Extrapolate this across all of the unique roles and data workflows running within a popular SaaS app at a large hospital or health insurance provider and you begin to get a feel for the larger challenges. So, it would seem that to cover all the SaaS app security bases, today’s CISOs and InfoSec teams must ask themselves some key questions, including:
● What use cases do SaaS applications’ native security tools address, and where is there a need for additional coverage?
● How well is cloud data protected from insider and external threats such as compromised accounts, theft, and malware?
● Does the organization have sufficient capabilities in place to identify, monitor, and enforce adherence with related security and compliance policies?
● How well are controls implemented when it comes to supporting both managed and unmanaged devices to enable the remote workforce?
● Do the SaaS apps comply with the regulations on data protection and privacy such as GDPR, CCPA, HIPAA, PCI, GLBA, and ITAR?
Here at CipherCloud, we are working with numerous customers who are applying a Zero Trust approach to cloud data security – a strategy focused specifically on protecting sensitive enterprise SaaS app data to answer these challenges. CipherCloud’s central premise is that data protection should be granular and policy-based to cover every scenario. This means that security policies must travel with the data and maintain exclusive control over access and handling, regardless of where it resides in the cloud. This enables enterprises to safely adopt a multi-cloud strategy, ensuring that confidential and sensitive data is protected across all locations – in the cloud, on managed user devices, and on unmanaged remote endpoints.
To learn more about best practices for SaaS apps security, sign up today for our upcoming webinar “5 Steps to Improving Data Protection for Salesforce, ServiceNow and Workday” – also available for download after the program. We know that you’re likely facing the same issue as our existing customers – join us to learn about how we can help translate these challenges into benefits!
*** This is a Security Bloggers Network syndicated blog from CipherCloud authored by CipherCloud. Read the original post at: https://www.ciphercloud.com/improving-data-security-for-saas-apps-5-key-questions-every-ciso-needs-to-ask/