
The National Institute of Standards and Technology (NIST) is a global cybersecurity standard-bearer. The US-based Institute’s Cybersecurity Framework helps organizations of all sizes understand, manage, and mitigate their cyber risk levels and better protect their data. Its importance in combating cyberattacks cannot be overemphasized.
NIST does not directly develop standards related to securing the SaaS ecosystem, but it does help with our approach to SaaS security.
NIST recently released a guide to a secure enterprise network landscape. It covers the transformation of an on-premises network to multiple cloud servers. Access to these servers and the accompanying SaaS apps comes from both secure and unsecured devices and spans a wide variety of geographic locations.
With the move to the cloud, network perimeters have virtually disappeared. As a result, enterprises face a larger attack surface and an escalation of attacks that span network boundaries.
Instead of focusing on network-centric security, security should take a three-pronged approach. Users, endpoints and applications are the keys to securing your data. This new paradigm emphasizes the importance of identity, location, and contextual data associated with users, devices, and services.
See how Adaptive Shield can help strengthen your NIST compliance.
Tools for today’s challenges
Today’s security tools must scale with the volume, velocity, and variety of today’s applications. They should integrate seamlessly with SaaS applications and cover the entire SaaS stack.
To be effective, these tools need to minimize the human intervention required for monitoring and remediation. Automation is important for ecosystems that require a secure configuration for each user account that can access an application. Large organizations may need to protect millions of configurations across their SaaS stack. Securing them manually is an impossible task.
SaaS monitoring
A SaaS security tool should be able to integrate with every app on the stack and identify each application through the SaaS app’s API. Once connected, it should monitor security configurations and watch for changes. Configuration drift can have serious consequences, because it exposes SaaS applications by removing safeguards put in place to prevent unauthorized access. Applications should be monitored continuously, with alerts raised when risk increases.
Figure 1. SaaS monitoring on the Adaptive Shield Platform
Context data
Effective SaaS security tools use contextual data to detect threats to applications and their data. These threats can originate from humans and machines and can access systems using verified credentials.
Contextual data from across the SaaS stack can help identify paradoxical travel, spikes in failed authentication attempts from the same IP address against multiple accounts, or attempts in which automated tools test weak and common passwords against known usernames. It can also help recognize malicious third-party applications that hold significantly more privileges than their functionality requires.
Figure 2. Context data displayed in Adaptive Shield
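The failed-authentication signal described above (one IP address failing against many accounts in a short period) can be checked with a sliding window over sign-in events. This is an added example, not Adaptive Shield's code; the event tuple layout, the thresholds and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, source IP, account, outcome).
# Not real logs; IPs are from the RFC 5737 documentation ranges.
SAMPLE_EVENTS = [
    # One IP failing against five different accounts in about two minutes.
    ("2024-01-10T09:00:05", "203.0.113.7", "alice", "FAIL"),
    ("2024-01-10T09:00:40", "203.0.113.7", "bob", "FAIL"),
    ("2024-01-10T09:01:10", "203.0.113.7", "carol", "FAIL"),
    ("2024-01-10T09:01:45", "203.0.113.7", "dave", "FAIL"),
    ("2024-01-10T09:02:20", "203.0.113.7", "erin", "FAIL"),
    # A user mistyping their own password, then succeeding: one account only.
    ("2024-01-10T09:05:00", "198.51.100.20", "frank", "FAIL"),
    ("2024-01-10T09:05:10", "198.51.100.20", "frank", "FAIL"),
    ("2024-01-10T09:05:20", "198.51.100.20", "frank", "FAIL"),
    ("2024-01-10T09:05:30", "198.51.100.20", "frank", "FAIL"),
    ("2024-01-10T09:05:40", "198.51.100.20", "frank", "FAIL"),
    ("2024-01-10T09:05:55", "198.51.100.20", "frank", "OK"),
    # Failures on several accounts, but spread over hours (never in one window).
    ("2024-01-10T08:00:00", "192.0.2.50", "alice", "FAIL"),
    ("2024-01-10T09:00:00", "192.0.2.50", "bob", "FAIL"),
    ("2024-01-10T10:00:00", "192.0.2.50", "carol", "FAIL"),
    ("2024-01-10T11:00:00", "192.0.2.50", "dave", "FAIL"),
]

def detect_spray(events, window=timedelta(minutes=10), min_accounts=4, min_failures=5):
    """Return {ip: sorted accounts} for IPs whose failures inside one sliding
    window reach min_failures and cover at least min_accounts distinct accounts."""
    recent = defaultdict(deque)  # ip -> (timestamp, account) failures still in window
    flagged = {}
    for ts_raw, ip, account, outcome in sorted(events):  # ISO strings sort by time
        if outcome != "FAIL":
            continue
        ts = datetime.fromisoformat(ts_raw)
        q = recent[ip]
        q.append((ts, account))
        while ts - q[0][0] > window:  # drop failures older than the window
            q.popleft()
        accounts = {a for _, a in q}
        if len(q) >= min_failures and len(accounts) >= min_accounts:
            flagged.setdefault(ip, set()).update(accounts)
    return {ip: sorted(accts) for ip, accts in flagged.items()}

if __name__ == "__main__":
    print(detect_spray(SAMPLE_EVENTS))
```

Requiring several distinct accounts is what separates this signal from a single user repeatedly mistyping a password, which the per-account lockout policy already covers.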
Get a demo of how Adaptive Shield can help protect your SaaS stack
Device management
In the SaaS world, devices represent network perimeters. Accessing SaaS applications on devices with poor hygiene can put all your data at risk. Compromised devices can pass login credentials to attackers, who can use them to compromise or steal data.
Effective SaaS security tools partner with endpoint security providers to confirm that devices accessing SaaS apps run an up-to-date operating system and that all software is updated and patched.
Figure 3. Device management in Adaptive Shield Platform
User authentication
Devices may be the perimeter, but user identities are the barrier to unfettered access to corporate data. Access should be granted using a zero trust approach. All access should be granted via SSO connected to a corporate-managed IdP. Organizations should harden this entry point with a phishing-resistant MFA authenticator.
Figure 4. Invalid login attempt alert
Compliance with NIST standards
An effective SSPM platform is built on robust security checks that review each SaaS configuration to ensure it is optimized for protection. Security configuration recommendations are typically heavily influenced by NIST’s cybersecurity approach, which provides guidance for SSPM vendors to monitor and track usage, users, and behavior, and identify threats.
See how Adaptive Shield’s SSPM protects your SaaS stack



