October 27, 2020 | Identity Governance, Applications
The pace of SaaS adoption has increased remarkably in the recent past. A faster implementation process and a significant reduction in operational expenses for enterprises have driven the demand for SaaS applications across the spectrum. However, against the backdrop of SaaS applications proliferating in IT environments, ranging from CRMs to HR applications and from accounting software to ERMs, the inherent risks associated with access control have also multiplied.
Indeed, large enterprises running on-prem data centers have traditionally had unambiguous policies on people and process, including a pre-defined set of rules to control access to systems. Small to mid-size firms, which are more inclined towards the SaaS model because of its lower operational cost, tend to deploy it on an ad hoc basis, often overlooking security measures. Identity governance often takes a backseat.
A lack of identity governance could lead to serious IT incidents such as data breaches, cyber espionage and abuse of credentials. There are three common reasons why an organization’s SaaS adoption could fail when identity governance is missing.
- Decisions to buy SaaS applications are often taken by staff outside IT security. Purchase decisions taken by various departments are often spontaneous, depending on business and operational needs. As a result, end users access SaaS applications without IT security measures being taken into consideration and without a centralized IT policy.
- IAM practice is often inclined towards administering identities rather than governing them, and small to mid-size enterprises, owing to a lack of resources and funds, fail to practice identity governance and privileged access management. Consequently, there is a lack of IT visibility. Critical IT governance steps such as authorization, separation of roles and responsibilities, and time-based access control do not receive adequate attention.
- Amid the proliferation of SaaS applications, it is very likely that some applications remain underused or unused and hence fall out of administrative and governance oversight. This scenario is as devastating as an undiscovered privileged identity lying in a network periphery. Misused by malicious elements, such an application could have serious implications.
The Bottom Line
Insider threats and third-party risks always lurk in the enterprise IT ecosystem, whether an organization manages its data on on-prem servers or in cloud applications. Therefore, the onus of securing applications lies entirely with SaaS adopters. Unfortunately, most organizations focus on data, configurations and processes, while the critical components that safeguard the SaaS environment are ignored. That attitude has to change. User onboarding, authorization of users, rule- and role-based access to applications, and audit and reporting of each and every access are crucial elements to secure and govern the digital identities that interact with SaaS applications.
ARCON is a leading enterprise risk control solutions provider, specializing in risk-predictive technologies. ARCON | User Behaviour Analytics enables monitoring of end-user activities in real time. ARCON | Privileged Access Management reinforces access control and mitigates data breach threats. ARCON | Endpoint Privilege Management mitigates risks arising out of endpoints. ARCON | Secure Compliance Management is a vulnerability assessment tool.