Unpredictable Risks of Entrusting your Data with SaaS applications

By storing (and increasingly creating) large amounts of data across your organization’s SaaS applications, your employees unwittingly subject all sensitive information to an “unpredictable risk of exposure.” This stems in part from the inherently dynamic nature of SaaS applications. The continuous introduction/revision of features, evolving UI/UX, backend architectural modifications, and changes to the underlying cloud services (AWS, Azure, GCP…) on which the SaaS services are built make the risk highly unpredictable. For instance, take your favorite cloud-based file-and-document-sharing enterprise application. It makes a small UI change, making the one-click “share with everyone” button more prominent. This slight change alone can increase the probability that some users end up “oversharing.” A sensitive file or folder may become accessible to many more people than it should be. Similarly, making security controls less prominent makes it difficult for the average user to figure out how to set rights management settings. This can have a similar downstream effect, i.e., oversharing or unwanted exposure of sensitive documents.

While new features added to a SaaS application may improve the overall security of your data over time in many instances, this process is not in your control. More often, such meaningful improvements are made “reactively rather than proactively” by a vendor after a significant attack has already occurred and compromised customer data. Therefore, the risk profile of your data in SaaS remains highly unpredictable and unmanageable over its lifetime.

Not all applications have the same risk profile, however. The most vulnerable are the ones where:

(i) A lot of unstructured data is generated and stored;

(ii) A large and diverse set of users interact with the application. They are likely to have differing degrees of familiarity with the security controls and have varying levels of sophistication when it comes to security best practices in general;

(iii) A lot of data sharing and collaboration takes place. In such applications, the propensity of making mistakes that lead to a significant breach by a small fraction of (otherwise well-meaning) individuals is much higher.

Furthermore, there are factors beyond engineering, software design, and feature velocity, such as the service provider’s culture of how they value and manage customer data and how much they invest in protecting their environments, that have severe implications for the breach risk of your data [Twitter security practices, Uber breach, GitHub breach, etc.].

Depending upon the nature of your business, you may deal with small or large amounts of sensitive data. Risking a breach due to the unpredictable nature of the “SaaS environment” in which your data is stored and shared does not bode well for maintaining a healthy data security posture. The more your business functionality and reputation depend on safeguarding your customers’ sensitive information (as in financial services, legal practices, and healthcare providers), the more you need to control your data’s risk profile over its lifetime.

Before we discuss further aspects of the risk your data is subject to across your organization’s SaaS footprint, let us state the solution —

Encrypt the sensitive data and regulate access to it with appropriate security policies.

Easier said than done! Especially when you are an organization that uses dozens of SaaS applications to get your work done. But first, let us illustrate how the approach mentioned above is a solution to control (and limit) the risk of your data exposure in SaaS.

Not controlling the encryption process and keys is akin to leaving a “backdoor open to your data”! Regular customers of SaaS services have yet to learn how, when, and to what degree the service providers are accessing their data. We have heard sophisticated security teams assume that “encryption of data at rest implied that the SaaS service cannot/do not access their data in the backend”! When asked how they think the service enables search on their data, they have yet to learn how it works, how files and documents are indexed, or how it involves scanning their datasets and files regularly to extract information and keep indices updated. How your data is replicated across different services, how temporary copies of it are made on servers, how it is cached across content delivery platforms, and how it becomes visible to contractors (and sub-contractors) helping in data migration are not easily understood. These risks are listed in the legal disclaimers you signed off on when signing up for the SaaS service and are easily overlooked and forgotten. The remediations after a breach rely on post-breach lawsuits, legal settlements, vendor-financed credit monitoring for affected individuals, and insurance claims.

A more technologically savvy solution is to encrypt your data so that you can prevent (and regulate) which entities (person and non-person) on the service provider’s side can access your encrypted data. A detailed, aggregated log of all accesses to any user-encrypted data is also critical and needs to be maintained for audit and forensic investigation purposes in the event of a breach.

Regulating access to the data encryption keys provides an additional layer of protection against any malicious intruders who can breach the security of the SaaS service provider. Over the past few years, there have been numerous incidents where intruders have exploited some flaw at the service provider’s end to access sensitive customer data [Uber, Okta, Accellion, Fortra] and launch ransomware attacks along with causing other disruptions. Encrypting your SaaS data with your keys can prevent or significantly minimize the fallout of such large-scale compromises of credentials and other security lapses at the service providers’ end.

User-controlled encryption makes your data’s security risk agnostic of the SaaS application that stores the data. In other words, irrespective of the feature and functionality changes the SaaS application introduces, any backend architectural updates that are implemented, or business ownership changes, your protected data maintains a more or less constant, predictable risk profile controlled and managed by you, the data owner.

Last but not least, you must also consider the security risks to your data beyond the term of your business relationship with a SaaS vendor. How do you ensure they have indeed removed all sensitive data from their systems and databases after the termination of your business relationship? One way to ensure this is by leveraging ‘crypto shredding.’ If you have been encrypting your sensitive data stored within a SaaS application, deleting the encryption keys at your end after the termination of the business relationship would effectively guarantee that no one can recover that data. It is as good as being completely erased from any system or database within or outside your control.
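The approach argued for above (customer-held keys, a log of every key access, and crypto shredding), sketched as an added example that is not GarbleCloud’s implementation or code from the original article. The `KeyStore` class, key ids and principal names are hypothetical; the cipher is AES-256-GCM from Node.js’s built-in `crypto` module.

```javascript
const nodeCrypto = require('node:crypto');

// Customer-side key store (hypothetical): KEKs never leave the data owner.
class KeyStore {
  constructor() { this.keks = new Map(); this.accessLog = []; }
  createKey(keyId) { this.keks.set(keyId, nodeCrypto.randomBytes(32)); }
  // Every key request is logged with the requesting principal, granted or not.
  use(keyId, principal, action) {
    const kek = this.keks.get(keyId);
    this.accessLog.push({ keyId, principal, action, granted: kek !== undefined });
    if (kek === undefined) throw new Error(`key ${keyId} is unavailable`);
    return kek;
  }
  // Crypto shredding: zero and drop the KEK; wrapped data keys become useless.
  shred(keyId) {
    const kek = this.keks.get(keyId);
    if (kek) kek.fill(0);
    this.keks.delete(keyId);
  }
}

// AES-256-GCM with the file name bound in as associated data.
function seal(key, plaintext, aad) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(aad);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}
function unseal(key, box, aad) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, box.iv);
  decipher.setAAD(aad);
  decipher.setAuthTag(box.tag);
  return Buffer.concat([decipher.update(box.ct), decipher.final()]);
}

// What the SaaS provider stores: ciphertext plus a wrapped per-file data key.
function encryptForUpload(store, keyId, principal, fileName, data) {
  const dek = nodeCrypto.randomBytes(32);
  const aad = Buffer.from(fileName, 'utf8');
  const kek = store.use(keyId, principal, 'wrap');
  return { fileName, keyId, body: seal(dek, data, aad), wrappedDek: seal(kek, dek, aad) };
}
function decryptDownload(store, principal, blob) {
  const aad = Buffer.from(blob.fileName, 'utf8');
  const kek = store.use(blob.keyId, principal, 'unwrap');
  const dek = unseal(kek, blob.wrappedDek, aad);
  return unseal(dek, blob.body, aad);
}
```

Shredding only holds if every copy of the key-encryption key, backups and escrow included, is destroyed, and if the provider never received plaintext or an unwrapped data key.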

Hopefully, the above arguments have made you see some of the benefits of controlling the encryption of your sensitive data in SaaS. However, you may be wondering what the trade-offs are: are there functionality compromises, performance costs, and key-management overheads that make this “prohibitively expensive”? The short answer is “Not anymore.” This is where ‘function-preserving encryption’ and well-designed encryption key management solutions kick in. GarbleCloud’s patented technology for ‘highly scalable, fast full-text search on encrypted data’ and its ‘granular PKI-based encryption key-management and key-distribution’ service, which supports file sharing and real-time collaboration on encrypted content, are the game-changers. This article will not detail how GarbleCloud’s patented technology works with popular SaaS applications. However, it suffices to say that it leverages the underlying SaaS applications’ data processing capabilities (such as Google Workspace’s hyper-scalable data indexing and querying capabilities) to ensure native functionality and user experience of the applications are preserved even for user-encrypted content. A more in-depth exposition will be the topic of another article soon.

So, for all of the reasons explained above, we hope you seriously consider the steps you can take to safeguard your SaaS data. Consider signing up for a service like GarbleCloud’s Key Management to protect your most sensitive files and documents on your favorite SaaS collaboration platform.
