When threat actors try to infiltrate an organization’s SaaS apps, they usually look for misconfigurations in those apps as a way in. However, employees now use their personal devices, be it their phones or laptops, to do their jobs. If a device’s hygiene is not in order, it increases the risk to the organization and widens the attack surface available to malicious parties. And so, Endpoint (Device) Protection – through EDR, XDR, and vulnerability management solutions – has become a critical factor in SaaS security.
The challenge in addressing endpoint and device threats lies in correlating SaaS app users, their roles, and their permissions with the compliance and integrity levels of their associated devices. This end-to-end correlation is what the organization needs in order to implement a holistic, zero-trust approach to its SaaS security.
Not an easy feat, but automated SaaS Security Posture Management solutions, such as Adaptive Shield, can now provide visibility that correlates the SaaS user and associated devices with the device’s hygiene score.
High Risk Devices
How do you classify high-risk devices in the context of SaaS security?
High-risk devices are those owned or used by users with high permissions to the company’s core SaaS apps. For example, someone who has a lot of access to the company’s CRM could pose a high risk to the company if their device is vulnerable, and that device needs to be fixed immediately. These high-risk devices are a critical threat vector to an organization’s SaaS environment.
Security teams must continuously map devices to their users and to those users’ associated permissions to understand which devices and users are most at risk.
Correlate user, app and device
As mentioned, the more privileged the user, the greater the risk their device poses. To gain an in-depth understanding of user, app and device posture, security teams need to monitor the hygiene of their users’ devices, such as whether OS configurations are up to date and whether vulnerabilities are present. With that assessment and score in hand, security teams can map and monitor the user’s SaaS app access (in addition to securing the SaaS apps themselves, of course).
Once these cross-references are in place and accessible, organizations can enable “soft” enforcement improvements through organizational policies and best practices. In this way, security teams can monitor risks and threats without severely limiting the user.
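One way to build the user, app and device cross-reference described in this section, as an added example that is not from the original article or from any vendor product. The sample data, field names, 0-100 hygiene scale, role names and threshold are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed sample data (assumption): (user, app, role) rows from SaaS admin exports.
SAAS_ROLES = [
    ("alice@example.com", "crm", "admin"),
    ("alice@example.com", "chat", "member"),
    ("bob@example.com", "crm", "read_only"),
    ("carol@example.com", "hr", "admin"),
]
# Constructed sample data (assumption): (device_id, owner, hygiene 0-100) rows from MDM.
DEVICES = [
    ("LT-001", "alice@example.com", 35),
    ("PH-002", "alice@example.com", 90),
    ("LT-003", "bob@example.com", 20),
    ("LT-004", "carol@example.com", 85),
    ("LT-005", None, 10),  # device with no owner recorded
]
CORE_APPS = {"crm", "hr"}             # hypothetical list of core SaaS apps
PRIVILEGED_ROLES = {"admin", "owner"}  # hypothetical high-permission roles
HYGIENE_THRESHOLD = 60                 # hypothetical cut-off; lower is worse

@dataclass(frozen=True)
class Finding:
    device_id: str
    owner: Optional[str]
    hygiene: int
    privileged_apps: Tuple[str, ...]
    risk: str

def classify(roles, devices):
    """Join SaaS privileges to devices and rank devices by risk."""
    priv = {}  # user -> set of core apps where the user holds a privileged role
    for user, app, role in roles:
        if app in CORE_APPS and role in PRIVILEGED_ROLES:
            priv.setdefault(user, set()).add(app)
    findings = []
    for dev, owner, score in devices:
        apps = tuple(sorted(priv.get(owner, ())))
        if owner is None:
            risk = "unmapped"   # cannot be correlated until an owner is known
        elif apps and score < HYGIENE_THRESHOLD:
            risk = "high"       # privileged user on an unhealthy device
        elif apps or score < HYGIENE_THRESHOLD:
            risk = "medium"     # only one of the two conditions holds
        else:
            risk = "low"
        findings.append(Finding(dev, owner, score, apps, risk))
    order = {"high": 0, "unmapped": 1, "medium": 2, "low": 3}
    return sorted(findings, key=lambda f: (order[f.risk], f.hygiene))
```

Devices without a recorded owner are reported separately rather than scored, since they cannot be tied to any user's permissions.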
Go for the Zero Trust approach
Zero trust is a concept that is much discussed today in the vernacular of cybersecurity. Though many consider it a buzzword, its meaning represents an important approach that cannot be overemphasized. To fully secure the organization’s SaaS stack, end-to-end and continuously, a holistic and automated solution is needed.
An SSPM solution, such as Adaptive Shield, is built to address not only the need to manage the SaaS app configurations themselves, but also the devices that the organization’s employees use. (Not to mention third-party app access.) When integrated with the mobile device management (MDM) solution, Adaptive Shield retrieves the device data and maps each device to its owner.
By looking at device posture while conducting a SaaS security assessment, organizations can achieve a holistic zero-trust approach.