We recently called out the top four SaaS security issues in 2020. The majority of the problems stemmed from what is known as “Shadow IT”. Shadow IT refers to software applications used within organizations without explicit organizational approval.
The key takeaway was that as SMEs embrace SaaS applications, they face new and unique security and compliance challenges. These challenges are compounded by the fact that IT has limited visibility––and control––over the information stored in these unsanctioned SaaS platforms. It’s a perfect storm of challenging-to-conduct oversight and sophisticated security threats.
The reality is that, while SaaS solves many problems for IT departments, it introduces some issues of its own. Fortunately, there are solutions to the most pressing issues: Stronger security measures.
When is the last time you saw a bank using a simple lock and key to protect itself from a break-in? Even before extra layers of security like alarms, motion detectors, and sophisticated biometrics became commonplace, banks protected their deposits behind seemingly impenetrable vault doors.
If your company is still using the equivalent of a lock and key to protect its SaaS applications, now is the time to up your security game. In this article, we cover two methods that you can employ to secure your SaaS application:
- Two Factor Authentication
- Single Sign-On
1. Two Factor Authentication
Arguably, the single best thing that you can do to improve your organization’s security is to turn on–and enforce–two-factor authentication (2FA) on all of your SaaS applications.
Historically, 2FA–often referred to as multi-factor authentication–was challenging to implement and disliked by both IT admins and end-users. However, with the proliferation of smartphones, applications have emerged to make it easier to generate the requisite 2FA pins or tokens.
Source: G2 Learning Hub
As a result, no one thinks twice now about having to confirm a login from a new device by entering a code. Plus, many SaaS platforms enable 2FA as a setting, reducing the time that it takes for IT departments to set it up. This ease of use and setup is a significant driver in widespread adoption, 56% of organizations are now using 2FA in some capacity.
The effectiveness of 2FA is because the second factor used is tough for cybercriminals to acquire. It’s difficult to gain access to something like someone’s smartphone, or near impossible to gain access to something biological, like a fingerprint.
Plus, if the hacker someone gains access to both security factors, there is a good chance that your employee has already reported a security concern––they are missing a device or received an alert that is inconsistent with their activities. 2FA gives the business a new level of awareness level to stop security breaches before they happen.
2. Single Sign-On
With single sign-on, users sign in once with one account to access domain-joined devices, company resources, SaaS applications, and web applications. A secure single sign-on (SSO) solution can be a convenient way to manage access credentials and user provisioning for your SaaS applications.
Done right, SSO can deliver significant benefits, especially given that the abuse of legitimate credentials caused 29 % of breaches in 2018. The productivity gains are also significant. The user login experience and process of managing identity is more effortless. It also streamlines onboarding. For example, each new staff member in the sales team automatically receives logins to the same systems as their colleagues
Beyond this, implementing SSO gives you a single admin dashboard that provides clear visibility on what access is permitted for specific employees, across all of your SaaS applications. You can also manage levels of access and monitor real-time usage so you can enable and disable access, and delete dormant accounts.
This centralization can help reduce the workload of an IT help desk and its costs. There is no need to spend hours answering phone calls to employees who don’t remember their passwords.
Use SSO and 2FA to Improve SaaS Security
A bank that secured its money by using a simple lock and key would provide a ripe opportunity for criminals and quickly go out of business. Similarly, if your SME doesn’t take the security threats and landscape of 2020 seriously, it risks becoming an easy target for cybercriminals. SSO and 2FA can help get your SaaS security headed in the right direction.
Want to learn more, please check out our SaaS Security eBook.