Check Your Configurations Before You Blame Hackers
Improving configuration management in Software-as-a-Service (SaaS) applications can reduce the risk of data loss, phishing campaigns, and data breaches. How will the IT team deal with this crisis?
Cloud platforms such as Microsoft’s Office 365 or Google’s G-Suite are commonly used and are often managed by IT professionals who are responsible for all aspects of the configuration. Security is not their main goal.
As with most SaaS, default settings are tailored to end users, giving them full control over collaboration and data access. Defaults also often favor ease of access and availability over increased security. These permissive options leave ample room for end-user errors that lead to data and security breaches. Revising default values can go a long way toward improving security.
With that in mind, it’s no surprise that Gartner predicts that “through 2023, at least 99% of cloud security failures will be the customer’s fault.” As Gartner emphasizes, organizations often lack the knowledge, budget, or sense of urgency to optimize their cloud security. Hackers know that cloud assets are more uniformly configured and share the same default settings, making each exploit relevant to huge numbers of organizations.
Some major data breaches are due to public file sharing, unencrypted data, compromised accounts, and bad password settings.
In these cases, default settings, such as the unlimited ability to share data outside the organization, are partly responsible for the breach.
In addition, SaaS providers constantly update their environments with new features. These updates focus on backward compatibility and regular upgrades, not security. Because SaaS upgrades are “pushed”, admins rarely have enough time to master security-related configurations.
Change in security management is itself another problem. For example, in an effort to improve security in Office 365, Microsoft has moved most security configurations to updated security and compliance centers, modifying them along the way. Keeping up with this change while staying on top of cyber threats is an ongoing challenge.
Many organizations are seeing a steady stream of credential-harvesting phishing attacks. People using Office 365 have specifically reported an increase in the number of compromised accounts.
Although security controls such as multi-factor authentication (MFA) and password validity requirements can be enabled, and are needed in a SaaS model, they are not turned on out of the box.
Setting up MFA is not easy. For example, in Office 365, Microsoft offers two separate solutions (ADFS and Azure AD). In addition, important configurations such as login monitoring and disabling legacy authentication are often never explored.
There are many other configurations that help reduce the attack surface. Some areas of interest include mail flow rules, spam rules, and threat protection policies. At the same time, attack vectors continue to change and SaaS providers continue to offer new security features. These are often inactive by default, so IT managers should keep training on and exploring the new features and configurations of these ever-changing platforms.
By learning about platform configurations, administrators can better understand the impact of configuration choices on threat management. This is often done by consulting the release notes and, for example, by visiting the security centers of SaaS providers on a regular basis.
When it comes to securing cloud-based collaboration environments or preventing data leakage, periodic review and thoughtful selection of configurations are the first step towards a more secure SaaS. Good configuration is good security!
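One way to run the periodic review described above, as an added example that is not from the original article: a short Python audit that compares an exported settings snapshot against a hardened baseline and against the previous review. The setting names, values and both snapshots are constructed for illustration and do not match any vendor's schema.

```python
# Added example: hypothetical setting names, not a real SaaS export format.
BASELINE = {
    "mfa_enforced": True,
    "legacy_auth_enabled": False,
    "external_sharing": "disabled",
    "login_monitoring": True,
    "password_expiry_enforced": True,
}

def audit(snapshot, baseline=BASELINE, previous=None):
    """Return sorted (setting, issue) findings for one tenant snapshot."""
    findings = []
    # 1. Settings that deviate from the hardened baseline (permissive defaults).
    for key, wanted in baseline.items():
        if key not in snapshot:
            findings.append((key, "missing from export"))
        elif snapshot[key] != wanted:
            findings.append((key, f"is {snapshot[key]!r}, baseline wants {wanted!r}"))
    # 2. Settings the baseline has never seen, e.g. a feature added by a
    #    pushed update that nobody has reviewed yet.
    for key in snapshot.keys() - baseline.keys():
        findings.append((key, f"not covered by baseline (value {snapshot[key]!r})"))
    # 3. Drift since the last review, even if nobody changed it on purpose.
    if previous is not None:
        for key in snapshot.keys() & previous.keys():
            if snapshot[key] != previous[key]:
                findings.append(
                    (key, f"changed since last review: {previous[key]!r} -> {snapshot[key]!r}")
                )
    return sorted(findings)

# Constructed snapshots: last quarter's review and today's export.
LAST_REVIEW = {
    "mfa_enforced": True, "legacy_auth_enabled": False,
    "external_sharing": "anyone", "login_monitoring": True,
    "password_expiry_enforced": True,
}
TODAY = {
    "mfa_enforced": True, "legacy_auth_enabled": True,
    "external_sharing": "anyone", "login_monitoring": True,
    "password_expiry_enforced": True, "threat_protection_policy": "off",
}

if __name__ == "__main__":
    for setting, issue in audit(TODAY, previous=LAST_REVIEW):
        print(f"{setting}: {issue}")
```

A setting reported as "not covered by baseline" is a prompt to read the provider's release notes and decide on a value, then add it to the baseline so the next review checks it.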