We are living in a multi-SaaS world. According to a Thales 2023 Cloud Security Study, enterprises use, on average, 97 SaaS apps, as they increasingly switch away from legacy in-house applications.
“Thales says while the benefits of SaaS are manifold, enterprise SaaS consumers require comprehensive security, often based on compliance mandates, for their sensitive data stored in SaaS clouds,” says Ethan Searle, business development director of LanDynamix.
“SMEs are no different and whether they know it or not, they do require comprehensive security measures for their sensitive data stored in SaaS clouds,” Searle adds.
“SaaS apps are here to stay and with good reason – they live in the cloud and can be accessed via a stable internet connection removing the technology burden from the shoulders of the SME. It translates into your own in-house IT team without employing an expensive techie,”
He says one site notes the significant benefits of SaaS for small businesses and declares without it SME’s won’t survive the competition. “Possibly quite true but one thing is certain that introducing an array of SaaS platforms into your SME’s operations without either the knowledge or ability to manage the cyber security implications is immensely risky,” confirms Searle.
Forbes reports the top security risks of using third-party SaaS providers includes, authenticated access, data leaks and control of data backup with SaaS providers processing customer data of hundreds and thousands of organisations. “You don’t have to be a rocket scientist to work out that this will make them a significant target for cyber criminals,” he says.
SC Magazine reveals IT professionals report data leaks to be the leading SaaS security concern.
“SaaS applications are certainly very convenient and offer much to the market. However, the risks are immense and need to be managed. This is where a skilled managed services provider (MSP) comes into the picture with the necessary skills and depth of knowledge to protect your business against potentially deadly breaches. MSP’s remove the heavy lifting from your technology implementations; they can ensure your SaaS applications are integrated into your network for authenticated access.”
The Shared Responsibility Model
Searle says it’s important to remember, if Microsoft 365, Salesforce, or Google Workspace data is lost, it’s your responsibility to recover it – not the vendor’s.
“This is the shared responsibility model between SaaS vendors and their customers, like your organisation, that puts the burden of protection squarely on your shoulders. Again, this is where an MSP can add immense value by backing up IP & sensitive information into an agnostic system that ensures that SaaS weak links don’t damage your business’ positioning and inevitably your reputation.”
Stuck between a rock and a hard place
He notes this is exactly where the average SME is with regards to SaaS applications.
“Firstly, you can’t live without them but secondly, they are the most likely source of illicit entry into your systems for malicious reasons. If you are bringing a third party SaaS provider on board there are several things you can do beginning with a due diligence of the supplier.
“You would also be wise to stay on top of what SaaS providers your employees are using. You can achieve this via regular audits, monitoring and implementing strict security policies that link access into your business’ authentication mechanisms such as Active Directory. You must also consider deploying agnostic backup solutions for data protection, not forgetting to factor in the possibility of supply chain attacks,” says Searle.
“You can do all these things but if you really want to show good business sense you will stick to the knitting of running your business and get a top MSP on board and let them take away these issues and run with them. These activities are core to an MSP’s ongoing success of their business. The aim is to provide you with the time and head space (not cluttered by security and tech worries) to focus on running your business while highly specialised IT professionals keep it operational and safe,” concludes Searle.