The problem with SaaS apps
Let’s first take a look at the compliance risks posed by adopting SaaS apps before moving on to how these issues can be minimised or nullified by following a server-led approach to IT.
1. User access
Most SaaS applications are accessed via an internet browser. While this makes them highly accessible for users, providing much-needed flexibility, it also makes them highly accessible to potential attackers. The authentication methods of your SaaS apps are therefore extremely important, and to some extent you are at the mercy of the SaaS provider and how secure they have made their authentication. You’re potentially just a password away from your data being accessed by a rogue party. Imagine if that SaaS app happened to be your CRM: we’d be talking about a compromise of your entire customer database.
With Desktop 365 you access everything through a secure Single Sign-On with Multi-Factor Authentication (MFA). This requires users to not only enter a password but also a token from a service such as Google Authenticator.
Web App Security
As mentioned, most SaaS apps are accessed via web browsers or apps and, as I’m sure you’re already well aware, web browsers are highly susceptible to attack: session hijacking, keylogging, screen capturing, DNS poisoning, and the list goes on. So ensuring that your gateway to all of these SaaS applications is secure is of paramount concern, as is ensuring that the SaaS provider has taken appropriate steps to protect their web app.
With Desktop 365 admins can set web apps to open in a secure cloud-based browser session. The connection is more secure than a local browser and the session can be watermarked to let the user know that their actions are being tracked. Because of the isolated and controlled access, your network is secured against browser-borne attacks and your data is protected against misuse.
The security of endpoint devices being used to access a SaaS app is also a consideration. While IT departments can control and secure company-issued devices, they won’t have this same level of control when it comes to personal devices. Following a device-led model, you would probably deny SaaS app access outside of company-issued devices and possibly even restrict it to the work network only. But to do this would be to restrict the flexibility of your workforce and curtail productivity.
With Desktop 365 nothing is stored on user devices and no data is downloaded. Your device becomes a conduit to the data centre, where all your activity actually takes place, securely.
2. Data storage and movement
Just as important as how you access SaaS apps is how your data is transmitted to and from them. Information can be intercepted, so high levels of encryption are necessary. Similarly, you’ll want to make sure that SaaS providers have suitable encryption methods in place to protect your data while at rest.
With Desktop 365 data is protected via high levels of encryption both in transit and at rest.
When using SaaS apps it’s important to consider business continuity. You need to understand the impact it will have on your business if you are unable to access your data for 1 hour, 1 day, 1 week. If this is significant then you need to check what provisions the SaaS provider has made for a scenario where data is lost or the system is down. For instance, do they take backups and how quickly can they get things back up and running again?
While Desktop 365 can’t help you with SaaS outages or data that’s stored by a SaaS provider, our delivery partner Atlas Cloud can help you with continuity for certain SaaS applications. For instance, archive functionality can be provided for Office 365 and emails accessed even if the Office 365 service goes down. There is even an option to ‘Sync and Recover’ which allows you to use your Outlook in exactly the same way as you always do, with folder structure, calendars etc. all intact.
3. Access control, monitoring and prevention
The greatest benefit, but unfortunately also the greatest threat, from SaaS apps is that they’re available to access anywhere, any time, on any device. So with SaaS apps you’re again at the mercy of the SaaS provider when it comes to options for restricting user access. Some may offer the ability to restrict the service to a certain IP address (i.e. that of your office); however, this is not an agreeable solution for the modern workplace where flexibility is top of the agenda. But how do you allow access outside of the office and still have visibility and control over what your users are doing? It’s a conundrum to which many SaaS apps are unable to offer you an answer. What if you want to restrict USB access but your users are working on personal devices? Simply put, if the functionality isn’t built into the SaaS app then you can’t.
With Desktop 365 you can add extra layers of access restrictions to SaaS apps. Because the service can only be accessed via a Single Sign-On to your personal workspace, USB access can be restricted, copy and paste deactivated, print screening forbidden, and watermarking can be added.
User monitoring and pro-active prevention
In order to prevent misuse of your SaaS apps you need to monitor user interactions closely. But if your SaaS provider hasn’t built this into the application then this is going to be extremely difficult. So how will you know if someone has attempted to download your entire customer database? And if your SaaS app can’t recognise this then it’s highly unlikely to be able to take preventative action (i.e. shut the user down). AI in SaaS apps is playing catch-up, so there are always going to be holes in any in-built security.
With Desktop 365 you can monitor individual usage of applications and set flags to trigger notifications. AI-powered analytics assign risk scores to user behaviour and can be set to pro-actively restrict access if suspicions are raised. You can also monitor download and upload volumes and protect against data loss with automatic blocking.
Embrace your SaaS, securely
SaaS apps have become so mainstream that most businesses are using them, whether it’s in Sales, Marketing or any other department. There’s a sense that they almost can’t live without them. However, in these times of intense data protection scrutiny and sophisticated cyber threats, there’s also a sense that businesses can’t afford to live with SaaS apps.
Thankfully, Desktop 365 fills this void, allowing you to enjoy the latest in SaaS app functionality and productivity while keeping your business secure and compliant. The cost of a data breach can be astronomical in both monetary and reputational terms. With so many regulations and now the GDPR to contend with, it’s high time every business got their SaaS apps under control.