SaaS Security in the Great Resignation
The phenomenon known as the Great Resignation is showing no signs of slowing. Nearly 48 million people in the U.S. quit their jobs last year with another 4.3 million this past January alone. This creates obvious labor shortage challenges, but what’s less obvious are the critical risks it brings to workforce cybersecurity, specifically when it comes to offboarding employees. Today, the potential threat from employees (or contractors) who have left a company might be one of the greatest risks facing IT teams—who are tasked with ensuring only current employees have access to corporate digital assets; more specifically, access to the systems and tools they needed to do their jobs. It may sound easy enough to disconnect these exiting employees, but the growing software-as-a-service (SaaS) environments and remote workforces have made it increasingly difficult for organizations to handle the deprovisioning process to the fullest. For example, an ex-employee might retain access to an app that gets notifications from the company’s CRM, thereby allowing them access to confidential data from the organization.
As a result, the process of offboarding an individual and removing their access from every app they are connected to becomes increasingly challenging—a single oversight that leaves a former employee with continued access to sensitive digital assets can pose a huge potential liability. Insider threats, which include former employees who retain access to an organization’s SaaS apps, are responsible for 22% of security incidents.
And these oversights are not rare—the number of friends and colleagues I know who have access to systems from former workplaces is frightening. This is why companies need to modernize their IT service delivery strategies to stay a step ahead.
This begins with having an offboarding plan focused on mitigating these threats. Here are some key areas to consider.
The Three C’s of Deprovisioning
Offboarding becomes complicated when IT and security teams lose track of who is coming and going, who has gained permissions and access to a certain SaaS app and so much more. To regain control, organizations need to implement a comprehensive offboarding plan that aligns with IT and HR. From there, it’s time to focus on the best ways to successfully retrieve assets and remove access in order to protect the organization from risk.
A business may think it is secure because it has just-in-time (JIT), ​​system for cross-domain identity management (SCIM) or has developed a proprietary process to automate identity provisioning. But don’t be lured into a false sense of security; the reality is there are blind spots you have missed. Employees can still retain local credentials on the SaaS platforms they used the most as well as other sensitive systems. Resources created by users may still have public access even if the users’ access has been disabled. This is exactly why offboarding can be dangerous.
Your best bet when it comes to taking old users off systems is to focus on the three C’s:
- Communication—IT teams, human resources, and other internal groups must keep an up-to-date record of all users with access to company systems. To be truly effective, businesses should establish a channel of communication to keep the security team abreast of any events impacting user inventory—from new hires and promotions to demotions and terminations.
- Clarity—In addition to keeping track of intended system users, IT teams require user discovery capabilities that account for the full breadth of systems each person may be accessing. This includes those in legacy environments, like on-premises systems and in the mushrooming cloud environment.
- Control—IT teams need to develop onboarding and offboarding protocols that account for the full extent of privileged employee computing access. Without the communication and clarity provided by a thorough inventory of users, systems and access, security teams will find themselves staring at a gaping information hole that old employees might retain access to.
The Importance of SaaS Security Posture Management
End-user spending on cloud applications services (SaaS) is predicted to reach more than $171 billion in 2022. For security teams in an enterprise with hundreds of SaaS apps, managing security across hundreds of current and former employees is next to impossible. When businesses run nearly every facet of their operations using a wide array of interconnected cloud services, many have yet to update the way they monitor their business-critical apps. To deprovision effectively, businesses must be able to monitor the day-to-day changes occurring within their organization.
Security teams should introduce a SaaS security posture management (SSPM) solution that will alert them to inactive users and then take action by revoking their users immediately. An SSPM provides proactive, continuous and automated monitoring capabilities and delivers clear visibility into the entire SaaS ecosystem. At the first sign of a security glitch or misconfiguration, it then sends detailed timely alerts. This vastly simplifies the process, while reducing the amount of time it takes to fully deprovision users and ensuring that no accounts are left active.
As a result, no matter how an organization’s workforce changes, they have a built-in approach to offboarding that will help keep their SaaS stack safe.
