Why SaaS adoption is an unnecessary compliance risk in a device-led IT model… and what to do about it

SaaS applications represent the ultimate in plug-and-play flexibility. You can be up and running with a new system or service in minutes. However, with a traditional device-led IT model they can pose a serious compliance threat. We explore how you can utilise SaaS applications safely.
Martin Sharpe
The Cloud Security Alliance has stated that 77% of organisations adopting SaaS have experienced security incidents related to their SaaS apps. As such, SaaS represents a new and complex challenge for IT, where granular controls are diminished in comparison to on-premise applications.

The problem with SaaS apps

Let’s first take a look at the compliance risks posed by adopting SaaS apps before moving on to how these issues can be minimised or nullified by following a server-led approach to IT.

1. User access

Authentication

Most SaaS applications are accessed via an internet browser. While this makes them highly accessible for users, providing much-needed flexibility, it also makes them highly accessible to potential attackers. The authentication methods of your SaaS apps are therefore extremely important, and to some extent you are at the mercy of the SaaS provider and how secure they have made their authentication. You’re potentially just a password away from your data being accessed by a rogue party. If that SaaS app happened to be your CRM, we’d be talking about a compromise of your entire customer database.

The solution:

 

With Desktop 365 you access everything through a secure Single Sign-On with Multi-Factor Authentication (MFA). This requires users to not only enter a password but also a token from a service such as Google Authenticator.

Web App Security

As mentioned, most SaaS apps are accessed via web browsers or apps and, as I’m sure you’re already well aware, web browsers are highly susceptible to attack: session hijacking, keylogging, screen capturing, DNS poisoning, the list goes on. So ensuring that your gateway to all of these SaaS applications is secure is of paramount concern, as is ensuring that the SaaS provider has taken appropriate steps to protect their web app.

The solution:

 

With Desktop 365 admins can set web apps to open in a secure cloud-based browser session. Connection is more secure than a local browser and the session can be watermarked to let the user know that their actions are being tracked. Because of the isolated and controlled access, your network is secured against web browser borne attacks and your data protected against misuse.

End-Point Management

The security of end-point devices being used to access a SaaS app is also a consideration. While IT departments can control and secure company-issued devices they won’t have this same level of control when it comes to personal devices. Following a device-led model you would probably deny SaaS app access outside of company-issued devices and possibly even restrict it to the work network only. But to do this would be to restrict the flexibility of your workforce and curtail productivity.

The solution:

 

With Desktop 365 nothing is stored on user devices and no data is downloaded. Your device becomes a conduit to the data centre, where all your activity actually takes place, securely.


2. Data storage and movement

Encryption

Just as important as how you access SaaS apps is how your data is transmitted to and from them. Information can be intercepted, so high levels of encryption are necessary. Similarly, you’ll want to make sure that SaaS providers have suitable encryption methods in place to protect your data while at rest.

The solution:

 

With Desktop 365 data is protected via high levels of encryption both in transit and at rest.

Availability

When using SaaS apps it’s important to consider business continuity. You need to understand the impact it will have on your business if you are unable to access your data for 1 hour, 1 day, 1 week. If this is significant then you need to check what provisions the SaaS provider has made for a scenario where data is lost or the system is down. For instance, do they take backups and how quickly can they get things back up and running again?

The solution:

 

While Desktop 365 can’t help you with SaaS outages or data that’s stored by a SaaS provider, our delivery partner Atlas Cloud can help you with continuity for certain SaaS applications. For instance, archive functionality can be provided for Office 365 and emails accessed even if the Office 365 service goes down. There is even an option to ‘Sync and Recover’ which allows you to use your Outlook in exactly the same way as you always do, with folder structure, calendars etc. all intact.


3. Access control, monitoring and prevention

Access restrictions

The greatest benefit, but unfortunately also the greatest threat from SaaS apps, is that they’re available to access anywhere, any time, on any device. So with SaaS apps you’re again at the mercy of the SaaS provider when it comes to options for restricting user access. Some may offer the ability to restrict the service to a certain IP address (i.e. that of your office); however, this is not an agreeable solution for the modern workplace where flexibility is top of the agenda. But how do you allow access outside of the office and still have visibility and control over what your users are doing? It’s a conundrum to which many SaaS apps are unable to offer you an answer. What if you want to restrict USB access but your users are working on personal devices? Simply put, if the functionality isn’t built into the SaaS app then you can’t.

The solution:

 

With Desktop 365 you can add extra layers of access restrictions to SaaS apps. Because the service can only be accessed via a Single Sign-On to your personal workspace, USB access can be restricted, copy and paste deactivated, print screening forbidden, and watermarking can be added.

User monitoring and pro-active prevention

In order to prevent misuse of your SaaS apps you need to monitor user interactions closely. But if your SaaS provider hasn’t built this into the application then this is going to be extremely difficult. So how will you know if someone has attempted to download your entire customer database? And if your SaaS app can’t recognise this then it’s highly unlikely to be able to take preventative action (i.e. shut the user down). AI in SaaS apps is playing catch-up, so there are always going to be holes in any in-built security.

The solution:

 

With Desktop 365 you can monitor individual usage of applications and set flags to trigger notifications. AI-powered analytics risk scores user behaviour and can be set to pro-actively restrict access if suspicions are raised. You can also monitor download and upload volumes and protect against data loss with automatic blocking.

Embrace your SaaS, securely

SaaS apps have become so mainstream that most businesses are using them, whether it’s in Sales, Marketing or any other department. There’s a sense that they almost can’t live without them. However, in these times of intense data protection scrutiny and sophisticated cyber threats, there’s also a sense that business can’t afford to live with SaaS apps.

Thankfully, Desktop 365 fills this void, allowing you to enjoy the latest in SaaS app functionality and productivity while keeping your business secure and compliant. The cost of a data breach can be astronomical in both monetary and reputational terms. With so many regulations and now the GDPR to contend with, it’s high time every business got their SaaS apps under control.


About Desktop 365

The new standard of desktop computing, Desktop 365 is a plug-and-play Citrix and Microsoft solution – delivered by Atlas Cloud.
