Mobile devices, SaaS platforms, and corporate data can be a dangerous combination, vulnerable to cyberattacks, data breaches, and simply putting sensitive information at risk of ending up in the wrong hands. In fact, such exploits aren’t just theoretical; according to researchers, an Italian surveillance company created a fake version of WhatsApp for “high target” users to install, providing the group with access to details of the users’ iPhones.
All of the elements involved in these situations — devices and various SaaS platforms, both personal and corporate — are quite secure in their own right. But there are times when that isn’t true. In certain configurations and under certain conditions, those devices and platforms could constitute a security risk. In other words, CISOs and security teams need to be concerned not just about the apps and devices their organizations use, but how they are used together, and whether those combinations could be responsible for even greater security issues. Security lapses, indeed, can be present in almost any software and hardware combination.
Examples of SaaS Platform Threats
In Slack, for example, apps that are installed by users remain installed — until someone takes action to disable or uninstall them. In that sense, an app acts as a “bot,” continuing to operate as long as the token remains valid. An app remains even if the person who installed or used the app is no longer with the organization. So if the user has installed apps on Slack, then leaves the organization and IT revokes the user’s access to Slack, the installed apps may keep working just as before. So, for example, if an app was set up to send Slack messages to a personal email address, it could keep doing so, potentially allowing former employees to access work Slack messages. It is easy to imagine how trouble could ensue.
In Salesforce, meanwhile, OAuth, which lets users enable authentication for web services, remains valid for all users unless it is actively halted — and that could apply to the many apps that utilize the Salesforce platform as well. Here, too, sensitive data could end up in the wrong hands if a user reinstalls an app without deleting the previous version. The user gets a new OAuth token, but the original token remains hidden under the user interface. Unless the cloud account was specifically deleted, reinstalling the app could give the new user access to the account, as the device will retain the former employee’s authentication information. A bad actor that gets control of that account and its hidden token could wreak serious damage to an organization, stealing, deleting or otherwise compromising important data — and giving them a platform that would enable them to spread malware, ransomware, or other damaging exploits throughout the organization.
Ultimately, the problem comes down to visibility — getting a full view of the platforms being used, the security policies those platforms adhere to, the specific third-party apps employees are using with those platforms, on which devices, and what the security risks of those platforms are, both specific to the hardware and when interacting with platforms and third-party apps. In other words, it’s a near-impossible task for even the most talented cybersecurity pro.
One solution could be to blocklist everything, keeping very strict control over what applications, platforms, and resources employees could utilize. But that’s unlikely to work. Employees utilize SaaS in order to be more productive, and limiting access to those services hurts productivity. With so many services out there, keeping track of all of them is next to impossible, and employees can use any of those “uncharted” services without anyone in IT the wiser. The bottom line is that employees are naturally going to utilize the platforms and apps that make them most productive, regardless of security challenges.
A better system — one that will have far less of an impact on organization productivity — is an automated system that can check all software interaction on a network. The system would be able to check for behavioral anomalies that occur at the intersection of hardware and software, setting off alarms that will alert security personnel of possible issues. Add machine learning and AI technologies to the mix, and you have a system that can learn what behavior is desired, innocuous, or undesired.
With that data, security teams will be able to achieve much greater visibility and enable them to set appropriate security policies. Thus if a third-party app is the root of suspicious activity, security teams can keep an eye on it, determining if the issue is a one-off or if that app really constitutes a security risk, thus enabling them to shut off its use completely and guide employees that they should find a substitute. This way, productivity is thus not harmed, while security is maintained. As SaaS and remote work continue to proliferate, such automated AI-based technology will be increasingly required to ensure that organizations get their work done — safely and securely.