This blog was written by an independent guest blogger.
Software as a service (SaaS) is one of the most important parts of the modern digital business. Unfortunately, when it comes to cybercrime, it can also be one of the weakest. The Cybersecurity newsletter, The Hacker News, have highlighted this in detail, noting interest from across the digital industry in addressing the holes created by misconfigured SaaS setups. The use of unsanctioned business software, and the lack of controls and best practices to help assist companies with assurance can create a bad concoction. Addressing this requires a complete overhaul of business processes, starting with addressing the very nature of SaaS usage by the company.
Looking at core philosophy
SaaS is, according to Forbes, a key disruptor in many global markets. Utilized not just by digitally-focused businesses, this has unfortunately meant that many businesses are keen to get on the bandwagon long before they are prepared. This lack of preparation for the use of SaaS is what creates issues with security in the long run. How can businesses meet this risk and mitigate it?
A key part of achieving this is through controlling growth. There is a compelling argument to be made that unbridled growth has caused many of the issues that digital businesses, not just SaaS-focused ones, have. Whether that’s through DDoS attacks, insufficient manpower to staff operations or other situations, demand can exceed capacity. That includes security systems. When considering the advantages of the model, businesses moving into SaaS should therefore also ensure that they have proper capacity to meet the customer demand and ensure a high level of cybersecurity assurance.
Building from the base
Having a measured growth strategy that is inclusive of the potential demands of the business is a first step that allows a cybersecurity response to be built accordingly. The challenge SaaS poses is in a lack of assurance that users are following cyber protocols. The corridor between business and customer can let in malicious users and malware at any stage of a transaction – leading to a loss of data, revenue, reputational damage, or all three. Defining the risk and managing it is a case of forming ‘quarantine’ points, where businesses and their customers are able to securely store their data without risking it being accessed inappropriately by others.
Increasingly, businesses are meeting this demand using secure access service edge (SASE) systems, according to the UK's Computer Weekly. Research by Gartner expects 40% of businesses will be using SASE by 2024, and for good reason – it provides a secure environment through which to run SaaS, and all the risks it entails, without creating downtime for customers that could lead to lost revenues. Having this secure corridor also allows for other important business security measures, like data protection and security, to be carried out with a high level of assurance.
SASE is not the only protocol to follow, and many businesses are constructing their own proprietary system security for their SaaS platforms. However, it does offer a clear incentive to businesses looking to move into the area, especially those without extensive technical security experience. Expect to see such measures further proliferate in the remote working age of 2021.
SASE and similar systems will be crucial, then, in the future economy. Businesses looking to develop an SaaS platform must start early on their cybersecurity measures, and place them front and center in any policy.