The SaaS ecosystem has exploded in the six years since the National Institute of Standards and Technology's Cybersecurity Framework 1.1 was released.
Back in 2016-2017, when version 1.1 was initially drafted, SaaS held a small but significant place in the software market.
Today, the economic benefits coupled with pandemic-induced work-from-home culture have led to SaaS becoming the primary way businesses purchase and use software.
Not surprisingly, NIST's just-released Cybersecurity Framework 2.0 seems to have SaaS security in mind.
Throughout CSF 2.0, NIST recommendations dovetail with SaaS security needs.
Govern, the new function, addresses issues relating to the democratization of SaaS, misconfiguration management, external users, risk management, and security posture.
SaaS security demands the combination of two types of monitoring.
The first, which is best covered by a SaaS Security Posture Management platform, handles prevention.
The second, which requires log monitoring and anomaly detection, detects threats.
In another recent SaaS breach, threat actors breached the HR software of a US telecom operator, exposing data of over 63,000 employees.
One contributing factor to the breach may have been the complexity inherent in SaaS HR permissions structures.
The ongoing Microsoft Azure breach is based on phishing attacks that provide threat actors with access to an application.
Leaving aside the recommendation to require MFA, which would have denied the threat actors access, applying the principles of the Detect function to the application would have alerted security teams to the threat.
Effective SaaS threat detection would have scanned logs from across the entire SaaS stack.
When threat actors log in to SaaS applications using their victim's credentials, they share enough bits of information for an effective Identity Threat Detection & Response (ITDR) system to detect anomalies.
At nearly every critical juncture, SaaS security, when conducted through an SSPM and ITDR, is aligned.
In addition to scanning logs for anomalies, it involves monitoring, taking actions when incidents are discovered, and restoring SaaS applications so they are up and running following an account compromise.
Securing SaaS applications using an SSPM platform with ITDR capabilities is the most effective way to protect your SaaS stack.
It also helps keep your SaaS security measures aligned with the latest NIST framework recommendations.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 18 Mar 2024 13:55:12 +0000