Organizations increasingly rely on cloud services, which means security teams need to adapt to data being stored...
in systems they can't control.
It isn't feasible to apply the same security practices and tools to on-premises and data center environments. And, in reality, most organizations fail to provide the necessary visibility and control over their cloud environments.
It can be difficult for organizations to adequately defend their networks due to a lack of time, investment and skills. When cloud infrastructures and applications enter into the equation, few organizations know that they have been the victim of a breach until their data is published online -- particularly when faced with a targeted attack from a skilled adversary.
Some cloud platforms are easier to manage than others. SaaS platform security, in particular, is more of a challenge when balancing network and storage security compared to IaaS platforms.
Securing IaaS systems
The easier part of the cloud defense conundrum is using IaaS. AWS, Microsoft Azure and Google Cloud Platform all offer built-in tools to manage the security of data stored in their infrastructures. A number of third-party tools offered by companies such as Cisco, Palo Alto Networks and Check Point Software can help to extend these capabilities across platforms.
IaaS services are the most readily understandable for security teams and offer the most effective tools to protect data that is stored and processed there. However, IaaS systems also require security teams to have the time and skill to configure the environment correctly. It can be hard for organizations to correctly manage these systems.
Managing SaaS platform security
The more complex task is managing the security of data stored in SaaS platforms. Even small organizations may use a significant number of cloud-based applications, such as CRM, HR, finance and department-specific services. For large companies, this may mean hundreds of different SaaS applications, which makes SaaS platform security more challenging.
Many of these applications, notably HR and finance, store highly sensitive personal data that, if breached, would cause damage to the organization's reputation and, likely, large fines from various regulators.
The first battle with SaaS platform security is understanding which applications the company uses, because some apps may be accessed without the knowledge or permission of the IT team. Once the applications have been identified, they need to be protected. There are tools that can extend security policies into SaaS applications, but they usually only work with the most popular applications, leaving sensitive data stored in other applications vulnerable to attack.
Organizations today have the tools they need to protect data stored and processed in IaaS platforms, but extending that to SaaS platform security can be a challenge that is beyond the ability of most security teams.
Protecting data stored in SaaS applications requires careful analysis of the security controls and processes for each platform, tight control over security settings and access controls, as well as rules on what data can be stored where. However, with the sheer number of SaaS applications in use and, in many cases, over-stretched security teams, data stored in SaaS systems is often vulnerable to intentional or accidental breaches.