PLATFORM SECURITY

Cloud Security Alliance Offers Governance Best Practices for Protecting Data Throughout Software-as-a-Service (SaaS) Lifecycle

Cloud Security Alliance | June 10, 2022

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today released Software-as-a-Service (SaaS) Governance Best Practices for Cloud Customers. Drafted by the SaaS Governance Working Group, the paper provides a baseline set of SaaS governance best practices for protecting data within SaaS environments, enumerates and considers risks according to the SaaS adoption and usage lifecycles, and finally, provides potential mitigation measures from the SaaS customer’s perspective.

The SaaS environment ultimately presents a shift in the way organizations handle cybersecurity, one that introduces a shared responsibility between producers and consumers. While the domain of cloud adoption and security continues to evolve, not much guidance is available regarding SaaS governance and security. This is despite the reality that, increasingly, different departments within an organization (Shadow IT) are occasionally utilizing SaaS offerings to power their critical business processes and functions, often storing sensitive data in SaaS environments.

“SaaS requires a different security governance mindset. Because SaaS apps allow businesses to quickly and easily optimize business operations, adoption has come at the price of security. Few recognize how complex the configuration and permission settings of SaaS apps can be, which results in numerous misconfigurations, giving attackers the potential to access sensitive data,” said Amir Ofek, CEO of AxoniusX, the new innovation unit of Axonius, which sponsored the paper. “By following a widely adopted security framework, such as NIST CSF, coupled with the best-practices and recommendations in this document, organizations will be able to better establish SaaS governance and security processes to mitigate risk associated with SaaS usage, eliminate misconfigurations, and gain full control over their entire SaaS environment.”

“While SaaS offers tremendous opportunities for organizations to change the way they operate, consume innovative capabilities, and offload many of the operational burdens associated with both creating and maintaining applications, it isn’t without its concerns. As organizations continue to adopt SaaS-based applications and solutions, traditional organizational cybersecurity must be updated to reflect this new operating model. Failing to do so can increase the potential risk and ramifications of security incidents associated with the consumption of SaaS.”

Chris Hughes, co-founder and CISO at Aquia and project lead/lead author of the paper

The guide defines three necessary components that, when combined into a cohesive strategy, can provide integrated security for SaaS systems and solutions:

Process security. Protects the integrity of procedural activities to ensure the input and output of processes aren’t easily compromised. These are the managerial aspects, including policies and procedures, to ensure that an organization’s processes are consistent.
Platform security. Deals with the security strength of the platform and the underlying dependencies of a SaaS service. These include the SaaS infrastructure, operating systems, and its potential suppliers.
Application security. Deals with the security of the SaaS application itself. A SaaS application can only stay secure if it does not contain exploitable vulnerabilities and has implemented hardened configurations aligned with organizational and vendor security best practices, as well as compliance requirements.

The Software-as-a-Service (SaaS) Governance Working Group aims to benefit all parties in the SaaS ecosystem by supporting a common understanding of SaaS related risks from the perspectives of the cloud customer and cloud service provider. Individuals interested in becoming involved in future research and initiatives are invited to join the working group.

SaaS Governance Best Practices for Cloud Customers was sponsored by Axonius, a leader in cybersecurity asset management and SaaS management. CSA research prides itself on vendor neutrality, agility, and integrity of results. Sponsors are CSA Corporate Members who support the findings of the research project but have no added influence on the content development or editing rights to CSA research.

About Axonius
Axonius gives customers the confidence to control complexity by mitigating threats, navigating risk, automating response actions, and informing business-level strategy. With solutions for both cyber asset attack surface management (CAASM) and SaaS management, Axonius is deployed in minutes and integrates with hundreds of data sources to provide a comprehensive asset inventory, uncover gaps, and automatically validate and enforce policies. Cited as one of the fastest-growing cybersecurity startups, with accolades from CNBC, Forbes, and Fortune, Axonius covers millions of assets, including devices and cloud assets, user accounts, and SaaS applications, for customers around the world.

About Cloud Security Alliance
The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, training, certification, events, and products. CSA's activities, knowledge, and extensive network benefit the entire community impacted by cloud — from providers and customers to governments, entrepreneurs, and the assurance industry — and provide a forum through which different parties can work together to create and maintain a trusted cloud ecosystem.

Spotlight

"Data theft continues to increase in frequency. Threats from employee theft, employee negligence, and third party entities such as consultants, contractors, processors, marketers and other outside professionals put your company in danger of a data breach.

In today's workplace, data breaches are at their highest numbers and climbing, costing $5.5 million on average. The challenge to protect data from all angles is daunting, but it is a task of paramount importance."

Related News

PLATFORM SECURITY

Splashtop and Acronis Integrate and Bring Scalable Remote Support to Acronis’ Cyber Protect Cloud Solution

Splashtop, Acronis | July 06, 2022

Managed Service Providers (MSPs) using Acronis for endpoint protection management can now initiate Splashtop remote control sessions directly from within the console to provide faster, reliable support for client workloads.

CUPERTINO, Calif. and MIAMI, FL, July 6, 2022 — Splashtop and Acronis today announced a partnership that integrates solutions for secure remote access and support with Acronis Cyber Protect Cloud, an all-in-one data and cybersecurity protection platform. This integration alleviates downtime by enabling MSP technicians to access and take control of computers to troubleshoot and resolve issues directly from the Acronis Cyber Protect Cloud console – resulting in increased customer satisfaction and decreased costs.

Acronis Cyber Protect Cloud unites backup and next-generation, AI-based anti-malware, antivirus, and endpoint protection management in one solution. With Splashtop integrated, service providers can instantly access all their clients’ managed devices directly from the Acronis console, enabling faster remediation of incidents, reliable support, and increased efficiency by providing instant access to endpoints. Now, not only are client workloads protected with a world-class integrated solution, but they can be easily and immediately accessed in case of an incident.

Service providers can deliver on-demand help desk support to any end user computer or mobile device remotely using Splashtop, regardless of device type or operating system. They can also enable their end users to remotely access their work computers, all from a centralized platform.

“No business is safe in the current cyberthreat landscape, and they are looking to Managed Service Providers who specialize in cyber protection services,” said Acronis Vice President and General Manager, Americas, Pat Hurley. “Acronis provides the air-tight protection MSPs need, while Splashtop’s intuitive interface allows issues to be resolved without delay, reducing costs associated with downtime.”

Managed Service Providers can execute service requests faster, exceed SLAs and increase overall customer satisfaction by enabling this free-of-charge integration with Splashtop. Client workloads are protected with a world-class cyber protection solution that is easily accessible in the event of an incident. Users enjoy:

Quick onboarding: The Acronis-Splashtop integration enables users to initiate immediate, one-click access to all managed workloads.
Easy remote desktop access for managed devices: Support distributed teams and devices with ease, whether employees are working from home, from the office, or on the go.
Native features during remote sessions: Take advantage of Splashtop’s high performance features, including file transfer, remote reboot, share technician desktop, chat and more.

The synergy between Acronis Cyber Protect Cloud and Splashtop allows service providers to deliver superior remote support — silently, seamlessly and on time — through a reliable, direct connection.

“Security is the backbone of everything we do at Splashtop, so we are proud to partner with such a trusted and proven cyber protection platform,” said Thomas Deng, Co-Founder and SVP of Product Management at Splashtop. “Acronis leaves no stone unturned when it comes to the protections and support it offers service providers and their clients.”

200,000 businesses and 30 million end users around the world securely use Splashtop, including large banks, sports & entertainment companies, educational institutions, healthcare organizations and government agencies.

To learn more about the Acronis Splashtop integration, visit solutions.acronis.com/splashtop and Splashtop.com/integrations/acronis.

About Splashtop
Splashtop is a leader in secure remote access and support. Its solutions for flexible work, learning and IT support deliver an ‘in-person experience’ that is as fast, simple and secure as being in front of an on-site machine. Splashtop delivers high performance with 4k quality at 60fps; advanced security features and compliance; one application for access and support for all devices and operating systems; and instant global support with direct access to an expert. More than 30 million users, including those in 85% of Fortune 500 enterprises, enjoy Splashtop products globally. Splashtop.com

About Acronis
Acronis unifies data protection and cybersecurity to deliver integrated, automated cyber protection that solves the safety, accessibility, privacy, authenticity, and security (SAPAS) challenges of the modern digital world. With flexible deployment models that fit the demands of service providers and IT professionals, Acronis provides superior cyber protection for data, applications, and systems with innovative next-generation antivirus, backup, disaster recovery, and endpoint protection management solutions powered by AI. With advanced anti-malware powered by cutting-edge machine intelligence and blockchain based data authentication technologies, Acronis protects any environment – from cloud to hybrid to on premises – at a low and predictable cost. Founded in Singapore in 2003 and incorporated in Switzerland in 2008, Acronis now has more than 2,000 employees and offices in 34 locations worldwide. Its solutions are trusted by more than 5.5 million home users and 500,000 companies, and top-tier professional sports teams. Acronis products are available through over 50,000 partners and service providers in over 150 countries and 26 languages.


PLATFORM SECURITY

Sophos Announces Sophos X-Ops

Sophos | July 21, 2022

Sophos, a global leader in next-generation cybersecurity, today announced Sophos X-Ops, a new cross-operational unit linking SophosLabs, Sophos SecOps and Sophos AI, three established teams of cybersecurity experts at Sophos, to help organizations better defend against constantly changing and increasingly complex cyberattacks. Sophos X-Ops leverages the predictive, real-time, real-world, and deeply researched threat intelligence from each group, which, in turn, collaborate to deliver stronger, more innovative protection, detection and response capabilities.

Sophos today is also issuing “OODA: Sophos X-Ops Takes on Burgeoning SQL Server Attacks,” research about increased attacks against unpatched Microsoft SQL servers and how attackers used a fake downloading site and grey-market remote access tools to distribute multiple ransomware families. Sophos X-Ops identified and thwarted the attacks because the Sophos X-Ops teams combined their respective knowledge of the incidents, jointly analyzed them, and took action to quickly contain and neutralize the adversaries.

“Modern cybersecurity is becoming a highly interactive team sport, and as the industry has matured, necessary analysis, engineering and investigative specializations have emerged. Scalable end-to-end operations now need to include software developers, automation engineers, malware analysts, reverse engineers, cloud infrastructure engineers, incident responders, data engineers and scientists, and numerous other experts, and they need an organizational structure that avoids silos,” said Joe Levy, chief technology and product officer, Sophos. “We’ve unified three globally recognized and mature teams within Sophos to provide this breadth of critical, subject matter and process expertise. Joined together as Sophos X-Ops, they can leverage the strengths of each other, including analysis of worldwide telemetry from more than 500,000 customers, industry-leading threat hunting, response and remediation capabilities, and rigorous artificial intelligence to measurably improve threat detection and response. Attackers are often too organized and too advanced to combat without the unique combined expertise and operational efficiency of a joint task force like Sophos X-Ops.”

Speaking in March 2022 to the Detroit Economic Club about the FBI partnering with the private sector to counter the cyber threat, FBI Director Christopher Wray said, “What partnership lets us do is hit our adversaries at every point, from the victims’ networks back all the way to the hackers’ own computers, because when it comes to the FBI’s cyber strategy, we know trying to stand in the goal and block shots isn’t going to get the job done.

“We’re disrupting three things: the threat actors, their infrastructure and their money. And we have the most durable impact when we work with all of our partners to disrupt all three together.”

Sophos X-Ops is taking a similar approach: gathering and operating on threat intelligence from its own multidisciplinary groups to help stop attackers earlier, preventing or minimizing the harms of ransomware, espionage or other cybercrimes that can befall organizations of all types and sizes, and working with law enforcement to neutralize attacker infrastructure. While Sophos’ internal teams already share information as a matter of course, the formal creation of Sophos X-Ops drives forward a faster, more streamlined process necessary to counter equally fast-moving adversaries.

“Effective cybersecurity requires robust collaboration at all levels, both internally and externally; it is the only way to discover, analyze and counter malicious cyber actors at speed at scale. Combining these separate teams into Sophos X-Ops shows that Sophos understands this principle and is acting on it.”

Michael Daniel, president and CEO, Cyber Threat Alliance

Sophos X-Ops also provides a stronger cross-operational foundation for innovation, an essential component of cybersecurity due to the aggressive advancements in organized cybercrime. By intertwining the expertise of each group, Sophos is pioneering the concept of an artificial intelligence (AI) assisted Security Operations Center (SOC), which anticipates the intentions of security analysts and provides relevant defensive actions. In the SOC of the future, Sophos believes this approach will dramatically accelerate security workflows and the ability to more quickly detect and respond to novel and priority indicators of compromise.

“The adversary community has figured out how to work together to commoditize certain parts of attacks while simultaneously creating new ways to evade detection and taking advantage of weaknesses in any software to mass exploit it. The Sophos X-Ops umbrella is a noted example of stealing a page from the cyber miscreants’ tactics by allowing cross-collaboration amongst different internal threat intelligence groups,” said Craig Robinson, IDC research vice president, Security Services. “Combining the ability to cut across a wide breadth of threat intelligence expertise with AI assisted features in the SOC allows organizations to better predict and prepare for imminent and future attacks.”

About Sophos
Sophos is a worldwide leader in next-generation cybersecurity, protecting more than 500,000 organizations and millions of consumers in more than 150 countries from today’s most advanced cyberthreats. Powered by threat intelligence, AI and machine learning from SophosLabs and SophosAI, Sophos delivers a broad portfolio of advanced products and services to secure users, networks and endpoints against ransomware, malware, exploits, phishing and the wide range of other cyberattacks. Sophos provides a single integrated cloud-based management console, Sophos Central – the centerpiece of an adaptive cybersecurity ecosystem that features a centralized data lake that leverages a rich set of open APIs available to customers, partners, developers, and other cybersecurity vendors. Sophos sells its products and services through reseller partners and managed service providers (MSPs) worldwide.


PLATFORM SECURITY

Uptycs Unveils Advanced Container and Kubernetes Capabilities

Uptycs | May 27, 2022

Uptycs, the first cloud-native security analytics platform that enables both cloud and endpoint security from a single platform, today unveiled expanded container and Kubernetes security posture management (KSPM) features for its cloud workload protection platform (CWPP). These features enable real-time identification of containerized workloads, proactive scanning of container images in the CI/CD pipeline, constant compliance monitoring, and Kubernetes security policy audit and enforcement.

According to Gartner, by 2026, over 90% of the world's enterprises will be operating containerized apps in production, up from less than 40% currently. Businesses, on the other hand, struggle to manage and maintain these transitory assets. Misconfigurations in the control plane and insecure policies at the single container layer are used by attackers to escalate permissions, conduct container escapes, and compromise nodes for executing code.

"Organizations are rapidly scaling their Kubernetes environments and seeing tremendous gains in optimization, availability, and developer productivity, but too often Security teams are left playing catch up. With telemetry from Kubernetes systems supported by our analytics platform, Security teams know immediately what resources they have and the security posture of those resources—across public and private clouds, scaling to tens of thousands of pods. Combined with our industry-leading container security capabilities, this gives Security teams confidence that they have the proper controls in place to minimize risk while enabling innovation."

Ganesh Pai, CEO and Co-founder of Uptycs

Uptycs offers both fully managed (AWS EKS, Azure AKS, Google GKE) and self-managed Kubernetes environments, such as VMware Tanzu and Google Anthos. Uptycs contains a range of container runtimes (Docker, containerd, CRI-O).

The latest KSPM capabilities offered by the Uptycs platform are now readily accessible and will be shown at the 2022 RSA Conference (booth #435) from June 6-9. Learn more about the Uptycs container and Kubernetes security service by visiting the Uptycs blog.
