Sunday, June 30, 2024

New guide explains how to eliminate shadow SaaS risks and protect corporate data

May 3, 2024 | The Hacker News | SaaS Security / Browser Security

Shadow SaaS

SaaS applications are dominating enterprise environments. Their increasing use allows organizations to push the boundaries of technology and business. At the same time, these applications also introduce new security risks that security leaders must address, as existing security stacks cannot fully control or comprehensively monitor application usage.

LayerX recently released a new guide for security and IT teams that addresses this gap: Let There Be Light: Eliminating the Risk of Shadow SaaS. The guide describes the challenges of shadow SaaS (the use of unauthorized SaaS apps for business purposes) and suggests practices and controls that can alleviate them. It compares the security controls that attempt to address this risk (CASB, SASE, Secure Browser Extension) and explains how each works and how effective it is. This makes the guide a must-read for all security leaders in modern organizations. Key highlights include:

What are the risks?

According to LayerX, 65% of SaaS apps are not approved by IT departments and 80% of employees admit to using unapproved apps. This means that the majority of organizations are dealing with the potential for corporate data to be exposed to external threats.

The three main risks to organizations are:

  1. Data loss – Sensitive data leakage through various SaaS apps. These include ChatGPT and other GenAI apps, spell checkers, and apps that help you manage your data files. The leak can happen inadvertently through "harmless" apps, or it can be the result of an employee using a SaaS app that was maliciously created as a decoy to lure employees into sharing sensitive data.
  2. Identity theft and account takeover – Malicious access to corporate credentials. This occurs when an employee logs into a SaaS app using their work email and, typically, a reused password, and an attacker obtains this information.
  3. Compliance and Privacy Violations – Violation of privacy regulations by exposing private and sensitive data through public channels.

Shadow SaaS Mitigation Guidelines

To address shadow SaaS risks, this guide introduces a three-pronged approach: app discovery, user monitoring, and active enforcement. Each aspect is analyzed and discussed to provide readers with a clear roadmap to effectively protect their systems and resources.

As part of this research, the guide compares two options for shadow SaaS mitigation: a traditional proxy approach and a browser-based solution. Each approach is broken down into advantages and disadvantages, giving readers the information they need to decide which method best suits their organization's needs.

Here's a summary of the comparison (you can read the full analysis in the guide):

| Approach | App discovery | User monitoring | Active enforcement |
|---|---|---|---|
| Proxy (SASE, CASB) | Y | N | Partial |
| Secure browser extension | Y | Y | Y |

Secure browser extensions

Ultimately, secure browser extensions emerge as the most comprehensive and user-friendly solution to combat shadow SaaS. These extensions allow IT and security teams to regain control of their SaaS environments while providing visibility and governance of SaaS app usage. This ensures a safe and flexible workspace.

Here’s how secure browser extensions work:

  1. Discover all SaaS apps – A secure browser extension performs continuous analysis of browser sessions, showing IT teams which SaaS apps employees are accessing.
  2. Strengthening identity security – Secure browser extensions can integrate with cloud identity providers and act as an additional authentication factor. This prevents access by an attacker with compromised credentials.
  3. Alerts on significant changes – Secure browser extensions can also identify when a new user account is created. Alerts are then triggered, and your identity team can inspect these apps to determine whether they comply with your organization's security policies.
  4. Governance and control – Secure browser extensions can block access to apps flagged as risky and block data uploads from your device to risky apps.

SaaS apps are easy to use and benefit your organization’s operations. Security and IT teams aiming to become business enablers need to find ways to allow the use of SaaS apps while ensuring that the corporate environment is protected. Secure browser extensions are a solution that can provide both. Read our complete guide to learn more.

This article is a contribution from one of our valued partners.
