September 15, 2020

SaaSOps: Your IT Team's Latest Security Challenge

Security & Compliance

COVID has accelerated migration to the cloud, and it has also exposed the security of your IT structure like never before. We give you seven tips for IT professionals to tackle these new challenges.

Corporate software: from traditional infrastructure to full SaaS

It wasn’t so long ago that we used to operate and store all company data within the “safe” walls of a corporate network behind a firewall. This included sensitive data like customer data or company financials.

Then SaaS and the cloud came along, and some companies started using SaaS. Inevitably, teams started transferring confidential data to these apps, which are not protected by the corporate firewall, and that started creating a few challenges for security teams.

Then COVID struck and migration to the cloud became total for many companies. Teams went remote and SaaS became essential for businesses to keep operating.

SaaS products are incredible empowerment tools, but whilst everybody was shouting about how great SaaS is, IT was scratching their heads thinking, “ah, this used to be so much easier to control”. And they are right.

SaaS is great, but its management faces several challenges

Every time an employee subscribes to a new SaaS product, security risks increase, especially if those apps have excessive permission scopes to other apps that you use. This was the case at a company called 18F, where more than 100 Google Drive folders were exposed to unauthorised users over a five-month period, just because an employee enabled an option in Slack that displayed document previews.

But the problem is that IT doesn’t even know which SaaS to supervise, simply because they don’t know which SaaS employees are using.

A Cisco survey of CIOs in large organisations estimated that IT teams believe they are using around 51 SaaS apps on average. But the same study concludes that 51 is far from reality, with the real number being closer to 730, a figure later confirmed in an independent study by Gartner analysts Neil MacDonald and Craig Lawson. That’s right: IT doesn’t have control, because they can’t control something if they don’t know it exists.

How can IT manage these risks?

Simple. It is called SaaSOps.

SaaS Operations (SaaSOps) refers to the process by which SaaS is managed and secured through centralised, standardised and automated operations. Ultimately, SaaSOps includes all the processes and systems companies need to enable teams to be successful users of SaaS.

And what exactly should a SaaSOps team do? Here is a list of the top 7 hints for IT teams to tackle these new challenges created by migration to SaaS.

  1. Centralise all SaaS: this should help IT have visibility over their software stack at all times in order to eliminate unknown software. IT cannot manage something that it doesn’t know exists.
  2. Set up an agile approval flow: help IT understand which SaaS employees are subscribing to, without slowing the business down.
  3. Check permissions: to reduce cases like the 18F one, once IT knows all the SaaS that teams are using, it should check every one of them for possible perilous integrations with critical apps and take action to reduce exposure risks.
  4. Establish a process in which departing employees lose access to company data instantly. Employees and contractors are the number one cause of data breaches according to RedTeam Security, something important to bear in mind for SaaS security.
  5. Automate SaaS processes: from discoverability of SaaS to cancellation of the subscription, this process needs to be automatic and scalable. Otherwise, as your company grows, the on-boarding and off-boarding processes will simply become impossible to control, and the human factor will be exponentially more likely to result in errors.
  6. Integrate SaaS compliance: running compliance manually through all your SaaS tools, without embedding compliance in your approval process, is time-consuming and challenging. Make compliance an embedded step in the buying and management processes for SaaS so it’s scalable, efficient and nothing falls between the cracks.
  7. Set up a SaaS audit system: the same applies as for compliance. You need to focus on important tasks and eliminate human error on repetitive tasks.
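
One way to turn tips 1, 3 and 4 into a repeatable check, shown as an added example that is not from the original post or from any vendor's product: a script that walks an export of third-party OAuth grants and flags unapproved apps, broad scopes on a critical app (Google Drive, as in the 18F case) and grants still held by departed users. The grant records, field names, app names and users are constructed for illustration; the scope URLs are Google's published OAuth scopes.

```python
from dataclasses import dataclass

# Scopes treated as "broad" access to the critical app (all of a user's Drive).
BROAD_SCOPES = {
    "https://www.googleapis.com/auth/drive",
    "https://www.googleapis.com/auth/drive.readonly",
}
APPROVED_APPS = {"Slack", "Zoom"}                      # assumed output of the approval flow
ACTIVE_USERS = {"ana@example.com", "ben@example.com"}  # assumed export from the HR/identity source

# Constructed sample of grants; the field names are assumptions, not a real API schema.
GRANTS = [
    {"app": "Slack", "user": "ana@example.com",
     "scopes": ["https://www.googleapis.com/auth/drive"]},
    {"app": "Zoom", "user": "ben@example.com",
     "scopes": ["https://www.googleapis.com/auth/calendar.events"]},
    {"app": "PdfMerge", "user": "ben@example.com",   # hypothetical shadow-IT app
     "scopes": ["https://www.googleapis.com/auth/drive.readonly"]},
    {"app": "Slack", "user": "carl@example.com",     # carl has left the company
     "scopes": ["https://www.googleapis.com/auth/drive.file"]},
]

@dataclass(frozen=True)
class Finding:
    app: str
    user: str
    reason: str

def audit_grants(grants, approved, active_users, broad_scopes):
    """Return one Finding per problem; a single grant can raise several."""
    findings = []
    for g in grants:
        if g["app"] not in approved:
            findings.append(Finding(g["app"], g["user"], "unapproved app"))
        broad = sorted(set(g["scopes"]) & broad_scopes)
        if broad:
            findings.append(Finding(g["app"], g["user"], "broad scope: " + ", ".join(broad)))
        if g["user"] not in active_users:
            findings.append(Finding(g["app"], g["user"], "grant held by departed user"))
    return findings

def apps_to_review(findings):
    """Distinct app names that need a decision from IT, sorted for stable output."""
    return sorted({f.app for f in findings})

if __name__ == "__main__":
    for f in audit_grants(GRANTS, APPROVED_APPS, ACTIVE_USERS, BROAD_SCOPES):
        print(f"{f.app:10} {f.user:18} {f.reason}")
```

Run on a schedule against a fresh export, the same function doubles as the audit step in tip 7, since an approved app that later gains a broad scope shows up as a new finding.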

Conclusion

If you are an IT leader, it is important that you realise that you need to take a proactive approach to manage SaaS. Otherwise, no matter what, your team will fail to keep it under control.
A way to do a great job is to empower your team with great tools. A smart way to do so is to sign up to an All-in-One SaaS management platform that suits these very needs listed above.
