<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=482903392141767&amp;ev=PageView&amp;noscript=1">

Securing enterprise SaaS applications

By Thomas Jones | January 19, 2021
Thomas Jones

Cloud Security Netskope IT Security SWG

BONUS EBOOK: 5 Reasons to Use Cloud Security with Remote Workers

Interest in software-as-a-service is growing and with it are concerns about SaaS security. Organisations are worried about the security implications of using cloud networks for strategic and mission-critical business applications.


Cloud security is a hot topic. Known as cloud computing security, this is the collection of security measures designed to protect cloud-based infrastructure, applications, and data. These measures provide authentication of users and devices, access control for data and resources, and protect data privacy. They also support regulatory data compliance.

One critical component of SaaS security comes from the visibility of data. It helps if you think about data visibility and control regarding what your employees need to access and what customer data you will store. By identifying potential data security and compliance issues, you can establish early on your organisational needs.

SaaS and cloud services' most significant problem is that it is easier for the data and information stored on the cloud to be accessed by unauthorised users. But if you take pro-active steps while growing and expanding your SaaS use, you can still ensure your data visibility has no safety concerns. Here are three ways to make sure your providers offer the best through data visibility and control.

Securing Session Keys

If users are accessing or running applications in your SaaS service, you need to be aware of the two kinds of security capabilities they need. The first is being able to use the features of the application safely and securely. And the second is providing safe storage of the data that the SaaS application is generating, preferably in an encrypted format.

However, customised sets of data generated by customers usually need additional encryption to secure this data.

As the SaaS provider, you must provide the opportunity for a secure session to be established. Closed sessions protect the data from being tampered while respecting the client's privacy.

The most common way to establish the two-way authentification is by running a TLS protocol, or Transport Layer Security protocol. These run in a very similar way to Secure Shell or SSH. Session keys then allow the customer to encrypt and decrypt the data they are working with and generate the necessary authentification codes.

This involves establishing an asymmetric key pair for the SaaS, where one is private, and one is public. The same goes for the customer.

BONUS EBOOK: 5 Reasons to Use Cloud Security with Remote Workers

Providing Multiple Keys for a Database

When it comes to how the data is stored, usually sections or segments are created for consistency and better organisation. This often involves setting up disk volumes. To ensure the data's visibility and control, you can create new encryption keys for each volume.

However, there is a possibility that multiple customers use the same key to access volumes on the cloud. In that case, it's worth considering various key management servers. Each customer will need access to their particular sets of data on the volume, so it's necessary to ensure the possibility for many symmetric keys to be made.

Multiple key management servers allow you to control and keep track of who can access particular volumes.

Providing Encryption Gateways

Sometimes, customers need to create customised field encryption. In that case, it makes the most sense to provide an encryption gateway for the network.

An encryption gateway acts as a reverse proxy server. It processes and monitors every data operation and acts as a sentinel between the client's application and the cloud. Data can then be encrypted using various rules when sent to be stored, or decrypted when sent to be used.

With this mechanism, data is secured in real-time, and an encryption gateway can use any number of keys to protect the selected fields. It also allows you to decide the encryption method you'd prefer to use, either using shared keys or public/private ones.

Conclusion

All in all, data visibility goes hand-in-hand with threat detection once you have one unified view of all user activity with internally and externally shared content. While SaaS applications are a great way to help your enterprise be more efficient and agile, it's essential to make clear and accurate decisions about how data is accessed and used inside and outside your organisation. Being aware of SaaS use is vital to understanding how cloud applications are accessed across your enterprise and by your employees.

If you'd like to find out more about securing the SaaS applications used by your organisation then please complete the form below. One of our cloud security specialists will be in touch to discuss the options available to you. 

Cloud Security Netskope IT Security SWG

Find out more about securing SaaS applications within your organisation