SaaS Applications Have a Mind of Their Own

Do you understand the risk associated with multi-cloud solutions?

Multi-cloud environments are common, and popular because they simplify what used to be complicated workflows, and they help organizations stay connected in an efficient manner. They do, however, also pose a significant cybersecurity challenge because they allow users to play multiple roles and have numerous constantly changing privileges.

This is simply how modern corporations’ work. The challenge quickly becomes how do you keep track of all the users and their constantly changing privileges. CISOs are tearing their hair out because they know they need to give proper access to their teams, while also having the capability to provide reporting to executive boards regarding employee access profiles, activities and privileges.

Unfortunately, the current systems do not equip the practitioners with compliance reports across environments, systems, applications and all personas of users.

Current identity and access management solutions often fail to recognize users' activities and privileges across multiple cloud environments, making clean decommissioning difficult, and leaving traces of potential vulnerabilities.

SaaS Applications Have a Mind of Their Own
The maturity of the SaaS applications runs the gamut, and not all provide native integration into the centralized IAM solutions. Current IAM/PAM and SIEM solutions often focus on single-user activities and struggle to manage the scale and complexity of changing privileges and access requests.

Organizations must leverage customers’ existing investments into the SaaS applications rather than create a parallel directory and access management infrastructure just for those new SaaS applications.

Remote Workforce is Here to Stay
The pandemic brought us the remote workforce, and it is here to stay. This development has refocused the need for supporting the remote workforce without compromising security – a considerable challenge from a user access perspective.

Remote access adds another layer of complexity to privileged access management by increasing the number of vulnerability points, and available software solutions are unequipped to effectively manage the lineage of the users and remediate unauthorized access problems in real-time.

Why Organizations Should Care about Privilege Abuse
Inside-Out Defense has observed diverse consequences from the above challenges in our engagements spanning several industries. Though the use cases have varied, these are some of the common patterns of privilege access abuse:

  • Users launching privilege escalation
  • Lateral movements
  • Privilege persists launched through 3rd party accounts over compromised zombie user accounts to orchestrate data exfiltration
  • IP counterfeiting
  • HIPAA compliance abuse and undue access to patient diagnostic data
  • PoS systems DDoS
  • Malicious third-party access
  • Unmanaged systems orchestrating attacks at scale

Briefly, IAM/PAM and SIEM solutions, as we know them, are being outsmarted by faster threats and more determined threat actors. Legacy vendors mainly focus on single-user activities to determine potential red flags and aggregate them for further processing without considering the individual user's overall context and activities across the environments.

Secondly, they usually integrate with a workflow system, generating a backlog of access requests that cannot scale with increased user activities. Users' privileges constantly change; they usually do not and should not persist. Enterprises direly need to address these challenges by providing a privilege abuse defense at the “time of use” by continuously detecting privilege abuse behaviors in real-time and remediating abuses in line.

About the Author

Venkat Thummisi is the co-founder and CTO, at Inside Out Defense.

Featured

Featured Cybersecurity

Webinars

New Products

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions. 3

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3