clouds: As more and more companies are exploring and adopting SaaS (Software as Service) solutions for their technological needs, IT Security groups are struggling to keep clouds safe against possible leaks in the existing security system. To look at the good side, these organizations have very strong safety fundamentals for internal applications. But the challenge lies in being able to expand the security umbrella beyond the internal environments, clouds. Practically this will be implemented by creating a "hybrid solution" in part SaaS and partly hosted.
As an ancillary tool for IT organizations to better understand a cloud environment, Identropy has taken care of the "Practical SaaS Security Stack". Consists of six key key elements and related technologies which form the basis for extending the traditional internal security model into an environment based on cloud, not a replacement for the existing solutions, not a parallel solution, instead a real extension or integration of the current security solution that your company has already implemented.
In this article we will explore the forces behind the SaaS Security Stack.
- Discovery SaaS
What's in there clouds; The first question that needs to be asked is necessary. What is the level of risk associated with each different solution in cloud. A file at box.com e.g. can have a different risk than a file at rent-a-share.com.
- Identity Management cloud
The point here is to extend and integrate the right people with the correct access, at the right time, this function, that is to your applications using the cloud. This component maintains improved efficiency and compliance with regulations concerning the provision of new employees / contractors, new transfers and assignments, reductions in transfers and termination of duties as well as access management and renewal of certifications.
- Data loss prevention (Data Loss Prevention DLP)
The same care is taken with the content of data sent by e-mail outside of the company, the DLP can monitor data that leaves your environment for clouded applications that have not yet been discovered.
- Clouds SSO / Authentication
How many times do we need to solve / expand the sign on? Large 80 computers, 90 networks, 2000 internal applications, and now-based applications clouds. Just as in previous issues, we just deal with numbers of passwords and therefore with the numbers of the fields where these passwords should be assigned. One-way identification with a password, a second identification method called the two factor authentication and eventually the multi-authentication method or multi factor authentication, which is the ultimate goal.
- Encryption / Tokenization
This is the latest security for your data. Most companies use it encryption only for inactive data. Possibly some forms of active data within the hosted IT environment may have already been considered as well. With the SaaS applications in the game, your data will always be inactive, then active and then inactive again.
- SaaS Identity Activity Monitoring
The SaaS management process will really determine how and when to scan for new SaaS applications as well as how to identify and categorize them. The SaaS Identity Activity Monitoring takes the user activity report to a level further specifying who has access to what specific data element, what it did with that data, who it shared, when, etc. Then check and record that the employee entered in that URL address and shared the file at a specific date, from a specific location and IP address. Excellent;