SaaS Application Risks and The Human Element

For far too long, the conversation around cloud and security has revolved around Shadow IT, the use of cloud applications that IT doesn’t know about. The reality, however, is that 90% of corporate data will reside in the SaaS applications that are approved for business use. That is where IT organizations should focus their attention: how to extend visibility, governance and protection to these sanctioned SaaS applications.

But, when it comes to SaaS applications versus on-premise, there are three characteristics that define the need for a different approach to data governance, risk management and security in the cloud:

Anywhere, anytime, any-device access – First, users with an account and password can access SaaS applications from anywhere, on any device, at any time. This includes access via managed and unmanaged devices. This is very different from on-premise applications, where access is only allowed via corporate VPN networks and managed devices, and additional layers of security exist between the user and the data center hosting the application.

For the first time, how information is used and shared is defined by users, not IT – SaaS application folders and files are created by users. Users can invite collaborators and share these files with anyone using just one link. Many of these users have too little security background to recognize when their actions bring risk to the organization.

Unique data sharing capabilities – There are a myriad of ways that data is shared and stored, unique to every SaaS application. For example, did you know that within Salesforce alone, you can have data in Chatter files, CRM content, Salesforce knowledge base articles, documents (web development materials), and attachments (files attached to a record)? It is unrealistic to expect IT security administrators to understand the nuances of every SaaS application, yet they are ultimately responsible for governance of the data in it.

What all this means is that SaaS application usage risks are inextricably tied to the human element. Who users interact with, their privileges, the data they touch, how they access that data and how they behave are the very attributes that shape an organization’s risk profile in the cloud.

Cloud Usage Risks

Here are the five best practices to manage your risks with SaaS application usage, courtesy of real-world data from Adallom’s Cloud Usage Risk Report.

1. Address your zombies


Those of you who are close to me know that I’m a huge fan of AMC’s Walking Dead, a show about the zombie apocalypse. I’m stocking up on ammo and working on my samurai-wielding skills as we speak. But, it turns out these skills will be useful for my day job as well because zombies are real and thriving in the cloud. 11% of all enterprise SaaS accounts are “zombies,” accounts that have been inactive for the last three months. They are at best eating up (no pun intended) the cost of a SaaS application license, and at worst increasing the attack surface of the organization. It’s a good best practice to address your zombie users.

2. Plan for the departed

Don’t forget about the employees who have left the company. 80% of companies have at least one former employee whose SaaS application credentials have not been disabled. As part of the exit interview, organizations have a plan in place for disabling on-premise access (easily accomplished by turning off “VPN” access), but may not have formulated a plan for cloud. Not only must access to corporate SaaS applications be removed, but IT administrators must also account for files that are owned by the departing employee. A transition plan must be in place to transfer ownership of files to prevent “orphan” file issues where files have no clear attestation trails or violate data retention policies.

3. More admins, more problems

Privileged users bring greater risk because their access makes it easier to do damage, whether intentionally or because their credentials were stolen. In some SaaS applications, Adallom recorded an average of 7 administrators out of every 100 users. Sometimes the reason for this is benign: an IT administrator grants a user privileges to run a special report and forgets to rescind those privileges later. Other times, it is because the application administrator accidentally created the same privileged accounts for multiple users. Regardless, it represents a significant threat to any organization and requires immediate attention.

4. Where is your data?

37% of Adallom customers discovered they stored more cloud data in Salesforce than in any other cloud storage service. For governance and security purposes, it is critical to understand where corporate data resides and with whom it is being shared. Just don’t assume that it only exists in content management systems. The best practice here is to integrate an enterprise storage solution (like Box) for governance, along with a Cloud Access Security Broker for risk management.

5. Sharing is caring, except in the cloud

Sharing in the cloud is extremely easy. After all, collaboration is one of the reasons to move to cloud applications. Users are likely to (accidentally) provide public access to a folder, enable access to a third-party application or share files with their personal email accounts. The statistics are staggering:

• The average company shares files with 393 external domains

• 5% of an average company’s private files are publicly accessible

• 29% of employees share an average of 98 corporate files with their personal email accounts

Best practices include disabling anonymous access and indexing within your SaaS application. This prevents search engines from indexing or crawling documents within SaaS applications. You must also identify oversharing violators, and how third-party ecosystem applications are integrating with your SaaS applications. Cloud access security brokers focused on governance and threat prevention can help with addressing these issues, including removing public access.
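The five practices above amount to a recurring audit of a SaaS tenant’s user and file inventory. The script below is an added example (not from the article, Adallom or any vendor) that runs those checks over a constructed export: inactive accounts beyond a three-month window, enabled accounts of departed staff and the files they own, administrators per 100 users, publicly accessible files, external sharing domains, and shares to personal mailboxes. The tenant data, the corporate domain and the list of personal mail domains are all assumptions.

```python
from datetime import date, timedelta

# Constructed sample export for a hypothetical SaaS tenant; none of this is real data.
TODAY = date(2014, 7, 1)
CORP_DOMAIN = "example.com"
PERSONAL_MAIL_DOMAINS = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com"}  # assumed list
USERS = [
    {"user": "ann@example.com", "admin": True,  "last_login": date(2014, 6, 28), "employed": True},
    {"user": "bob@example.com", "admin": False, "last_login": date(2014, 2, 1),  "employed": True},   # inactive > 3 months
    {"user": "cat@example.com", "admin": True,  "last_login": date(2014, 6, 1),  "employed": False},  # left, still enabled
    {"user": "dan@example.com", "admin": False, "last_login": date(2014, 6, 30), "employed": True},
]
FILES = [
    {"name": "q2-forecast.xlsx", "owner": "cat@example.com", "public": False, "shared_with": ["lee@partner.example.net"]},
    {"name": "pricing.docx",     "owner": "ann@example.com", "public": True,  "shared_with": []},
    {"name": "notes.txt",        "owner": "dan@example.com", "public": False, "shared_with": ["dan.home@gmail.com"]},
]

def domain_of(address):
    """Return the lower-cased domain part of an e-mail address."""
    return address.rsplit("@", 1)[-1].lower()

def audit(users, files, today=TODAY, corp_domain=CORP_DOMAIN, inactive_days=90):
    """Apply the five checks and return the findings as plain lists and numbers."""
    cutoff = today - timedelta(days=inactive_days)
    current_staff = [u for u in users if u["employed"]]
    # 1. zombies: still employed, but no login within the inactivity window
    zombies = sorted(u["user"] for u in current_staff if u["last_login"] < cutoff)
    # 2. departed: people who left but whose account is still enabled, plus the files they own
    departed = sorted(u["user"] for u in users if not u["employed"])
    orphan_files = sorted(f["name"] for f in files if f["owner"] in departed)
    # 3. admin density, expressed as administrators per 100 users as the article does
    admins_per_100 = 100.0 * sum(u["admin"] for u in users) / len(users)
    # 4/5. where data goes: public files, external sharing domains, shares to personal mailboxes
    public_files = sorted(f["name"] for f in files if f["public"])
    external_domains = sorted({domain_of(a) for f in files for a in f["shared_with"]
                               if domain_of(a) != corp_domain})
    personal_shares = sorted(f["name"] for f in files
                             if any(domain_of(a) in PERSONAL_MAIL_DOMAINS for a in f["shared_with"]))
    return {
        "zombies": zombies, "departed_enabled": departed, "orphan_files": orphan_files,
        "admins_per_100": admins_per_100, "public_files": public_files,
        "external_domains": external_domains, "personal_shares": personal_shares,
    }

if __name__ == "__main__":
    for key, value in audit(USERS, FILES).items():
        print(f"{key}: {value}")
```

Each finding maps to one of the practices, so the output can be handed to the owning team (license cleanup, off-boarding, privilege review, sharing remediation) without further interpretation.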
