Integrated CASB Redefines SaaS Security

In a SaaS model, where a company’s applications and data reside beyond the corporate-controlled premises on third-party infrastructure, taking a traditional approach to security is not enough.

Software as a service (SaaS) is a model in which a vendor remotely hosts and delivers software applications as a service to customers over the internet. This form of software delivery has become increasingly popular over the past decade as it allows companies to access and use a wide variety of applications on-demand in a “pay-as-you-go” manner, instead of having to build and maintain their own technology infrastructure in-house.

This growing demand for SaaS applications is also why Gartner, a leading research and advisory firm, forecasts that public cloud services will grow 18.4% in 2021 to total $304.9 billion, up from $257.5 billion in 2020. It further forecasts that the worldwide revenue for cloud application services (SaaS) alone will jump over 117 million in 2021.

But just like with traditional technology infrastructures, adopting and using SaaS applications can pose significant risks to a company including:

  • Sensitive data being inadvertently exposed or lost, or being excessively shared.
  • Security breaches and data theft.
  • Application vulnerabilities and potentially propagating malware.
  • Shadow IT, due to employees using applications that were never approved by the company’s IT department.
  • Risk of non-compliance with regulations and data privacy laws such as the European Union General Data Protection Regulation [GDPR], Payment Card Industry Data Security Standard [PCI-DSS], ISO-27001, the Sarbanes-Oxley Act [SOX], the Health Insurance Portability and Accountability Act [HIPAA], and others.
  • Application downtime.

Thus, it’s important for a company to understand these risks, and take steps to minimize them.

Integrated CASB Redefines SaaS Security

Many years ago, when a company wanted to protect its technology infrastructure, data, and users, the approach was to deploy a variety of security tools throughout the network premises. But with cloud adoption, in a SaaS model—where a company’s applications and data reside on third-party infrastructure, and the company’s employees have the ability to access those applications anytime, anywhere, and from any device—just taking the traditional approach to security is not enough.

That’s because in a SaaS environment:

  • A company’s network administrators don’t have visibility into the SaaS vendor’s technology infrastructure, or how the SaaS vendor stores and secures data. This means that many of the tools IT professionals use to secure a company’s on-premise technology either can’t be extended to or won’t work for SaaS applications. Plus, even if they could be extended, it’s almost impossible for a company to ensure effective SaaS security with layered point products anyway.
  • Companies don’t have a way to monitor and control which applications are being accessed and used and by whom.
  • Companies don’t have a way to monitor and control what data is being uploaded and downloaded, and where.

To compensate, companies have turned to Cloud Access Security Brokers (CASBs), or security policy enforcement points that sit between a cloud service provider and its users to deliver security policy controls for SaaS applications and enforce governance and data protection policies across diverse environments.

But standard CASB solutions are operationally complex and yield a high total cost of ownership. Being proxy-based, they are standalone and disjointed from the existing security infrastructure. Because they require complex traffic redirection from the network firewall and PAC agents, they are quite difficult to deploy and manage. Most importantly, these solutions don’t provide a unified data protection policy approach that consistently covers cloud applications, the physical network, the remote users, and all the endpoints. They solve only part of the problem, requiring organizations to add on a patchwork of additional tools, such as complex connections with on-prem DLP solutions, to get more holistic security.

What organizations need today is an “Integrated CASB” solution. One that:

  • Secures their applications, data, and users beyond the corporate premises, in the cloud and across remote locations.
  • Detects, monitors, and protects sensitive data in transit between their company networks, users, and the SaaS providers, and at rest when it’s stored on a variety of SaaS applications.
  • Facilitates regulatory compliance, prevents data leakage and excessive data exposure anywhere their regulated data moves and resides.
  • Monitors and manages user behavior and minimizes any potential security or “shadow IT” risks.
  • Doesn’t require a broker because it is seamlessly integrated with the existing security stack, and is therefore easy to deploy and doesn’t demand a high TCO.

Selecting the Right Security Vendor

Finding the right vendor to help your company secure its SaaS applications, data, and users can take time. But it’s well worth the effort. After all, when it comes to your company’s security, you want the best security experts, professional guidance, and solutions you can get.

For more information on how to effectively bridge the SaaS security gap, visit: https://www.paloaltonetworks.com/network-security/saas-security