IT security must build a zero trust security architecture to protect cloud computing and data infrastructures
Cloud productivity apps like G Suite and Office 365 are now standard across many organizations. It is not uncommon to see users reply to an email or comment on a document while on the road, using their personal phone. This is because these kinds of apps are always available from any location on any device, which increases productivity.
Cloud applications also pose problems for traditional security techniques and can lead to the demise of the "secure perimeter". In the past, IT security professionals were able to put up firewalls, segment networks, and prevent access to hosted apps from outside approved networks. They can still extend those networks via VPN; however, using a VPN is an inconvenience, and adoption among users is not common.
Zero Trust Security: Modern Security for Modern Productivity
Zero trust security architectures are being adopted as a way to secure users and applications. Traditionally, zero trust security has focused on user identity. Single Sign-On (SSO) based on open standards and/or Multi-Factor Authentication (MFA) are examples of traditional approaches. There are many compelling products on the market providing SSO and MFA for organizations of all sizes. For instance, Google's BeyondCorp initiative pioneered the concept of the Access Proxy, but its adoption is still in the early stages.
I would recommend pairing your identity-based zero trust security architecture with intelligence from SaaS apps; the most effective way to do this is via APIs. Here are three examples of how the two can work together through an API:
1. User access within SaaS applications
Knowing the locations, devices, ISPs and times at which a user typically logs into a SaaS application offers valuable insight into unusual user behavior and into whether an account has been compromised, as in an account takeover. APIs offer an easy way to collect and visualize all user access so that activity which might be cause for suspicion stands out.
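The paragraph above describes the signal without showing how it is turned into an alert. The following script is an added example (not code from the original article or from any vendor): it builds a per-user baseline of countries, ISPs, devices and login hours from historical login events pulled from a SaaS audit-log API, flags new logins that deviate from that baseline on several dimensions, and separately checks for "impossible travel" (two logins from different countries too close together). The event records and their field names are constructed for the example and are an assumption about what such an API returns.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample login events (not real data). The field names are an
# assumption loosely modelled on what a SaaS login-audit API returns.
HISTORY = [
    {"user": "alice@example.com", "ts": "2024-03-04T09:12:00Z", "country": "US", "isp": "Comcast", "device": "Chrome/macOS"},
    {"user": "alice@example.com", "ts": "2024-03-04T13:40:00Z", "country": "US", "isp": "Comcast", "device": "Chrome/macOS"},
    {"user": "alice@example.com", "ts": "2024-03-05T17:05:00Z", "country": "US", "isp": "Comcast", "device": "Outlook/iOS"},
    {"user": "bob@example.com", "ts": "2024-03-04T08:30:00Z", "country": "DE", "isp": "Telekom", "device": "Chrome/Windows"},
    {"user": "bob@example.com", "ts": "2024-03-05T08:45:00Z", "country": "DE", "isp": "Telekom", "device": "Chrome/Windows"},
]
NEW_EVENTS = [
    {"user": "alice@example.com", "ts": "2024-03-06T10:02:00Z", "country": "US", "isp": "Comcast", "device": "Chrome/macOS"},
    {"user": "alice@example.com", "ts": "2024-03-06T11:30:00Z", "country": "RO", "isp": "M247", "device": "Firefox/Linux"},
    {"user": "bob@example.com", "ts": "2024-03-06T08:20:00Z", "country": "DE", "isp": "Telekom", "device": "Chrome/Android"},
]


def parse_ts(ts):
    """Parse an ISO-8601 UTC timestamp with a trailing 'Z'."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def build_baselines(events):
    """Collect, per user, every country, ISP, device and hour-of-day seen in the history."""
    base = defaultdict(lambda: {"countries": set(), "isps": set(), "devices": set(), "hours": set()})
    for e in events:
        b = base[e["user"]]
        b["countries"].add(e["country"])
        b["isps"].add(e["isp"])
        b["devices"].add(e["device"])
        b["hours"].add(parse_ts(e["ts"]).hour)
    return base


def hour_is_typical(hour, seen_hours, tolerance=1):
    """True if the hour is within `tolerance` hours of any previously seen login hour (wrapping at midnight)."""
    return any(min(abs(hour - h), 24 - abs(hour - h)) <= tolerance for h in seen_hours)


def deviations(event, baseline):
    """List every way a login differs from the user's baseline."""
    reasons = []
    if event["country"] not in baseline["countries"]:
        reasons.append("new country")
    if event["isp"] not in baseline["isps"]:
        reasons.append("new ISP")
    if event["device"] not in baseline["devices"]:
        reasons.append("new device")
    if not hour_is_typical(parse_ts(event["ts"]).hour, baseline["hours"]):
        reasons.append("unusual hour")
    return reasons


def find_suspicious_logins(history, new_events, min_reasons=2):
    """Return (event, reasons) pairs for logins that deviate on at least `min_reasons` dimensions.
    Requiring more than one deviation keeps a single new device or a late evening from paging anyone."""
    base = build_baselines(history)
    flagged = []
    for e in new_events:
        if e["user"] not in base:
            flagged.append((e, ["no baseline for user"]))
            continue
        reasons = deviations(e, base[e["user"]])
        if len(reasons) >= min_reasons:
            flagged.append((e, reasons))
    return flagged


def impossible_travel(events, max_gap_hours=2.0):
    """Return (earlier, later) pairs where one user logged in from two countries within max_gap_hours."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)
    pairs = []
    for evs in by_user.values():
        evs.sort(key=lambda e: parse_ts(e["ts"]))
        for a, b in zip(evs, evs[1:]):
            gap_hours = (parse_ts(b["ts"]) - parse_ts(a["ts"])).total_seconds() / 3600
            if a["country"] != b["country"] and gap_hours <= max_gap_hours:
                pairs.append((a, b))
    return pairs


if __name__ == "__main__":
    for e, why in find_suspicious_logins(HISTORY, NEW_EVENTS):
        print(f"{e['user']} {e['ts']} from {e['country']}: {', '.join(why)}")
    for a, b in impossible_travel(NEW_EVENTS):
        print(f"{a['user']}: {a['country']} at {a['ts']} then {b['country']} at {b['ts']}")
```

On the sample data only the Romanian login is flagged (new country, new ISP, new device, unusual hour), and the same two logins trip the impossible-travel check because they are ninety minutes apart; Bob's new Android browser at his usual hour is a single deviation and stays quiet. In practice the baseline window should be weeks of events rather than the handful shown here, and the thresholds tuned to the organization's false-positive tolerance.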
2. Company content sharing within SaaS applications
Your company documents now live in the cloud and are accessible from anywhere in the world by authorized users…and hackers. There is no firewall or proxy you can deploy that will ensure your data is secure from misuse. The best way to understand the use of any document is to know who has been accessing it, who it has been shared with, where it was downloaded from, who modified it, and so on.
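To make the "who has access, who shared it, where was it downloaded from" questions concrete, here is an added example (not from the original article or any vendor's API) that replays a constructed sequence of file-activity events, as a SaaS document API would return them, into the current sharing state of each document and then reports files that are exposed outside the company domain, either through an external or link-based share or through a download by an external account. The event field names and the `anyone_with_link` principal are assumptions made for the example.

```python
# Domain whose accounts count as internal (constructed for the example).
CORP_DOMAIN = "example.com"

# Constructed sample of document audit events (not real data). Field names are an
# assumption loosely modelled on a SaaS file-activity API; timestamps are ISO-8601 UTC.
SHARING_EVENTS = [
    {"ts": "2024-03-04T09:00:00Z", "file": "Q3-financials.xlsx", "actor": "alice@example.com", "action": "share", "target": "bob@example.com", "role": "editor", "country": "US"},
    {"ts": "2024-03-04T09:05:00Z", "file": "Q3-financials.xlsx", "actor": "alice@example.com", "action": "share", "target": "anyone_with_link", "role": "viewer", "country": "US"},
    {"ts": "2024-03-04T22:40:00Z", "file": "Q3-financials.xlsx", "actor": "someone@gmail.com", "action": "download", "target": None, "role": None, "country": "RO"},
    {"ts": "2024-03-05T10:00:00Z", "file": "roadmap.docx", "actor": "bob@example.com", "action": "share", "target": "partner@vendor.io", "role": "viewer", "country": "DE"},
    {"ts": "2024-03-05T16:30:00Z", "file": "roadmap.docx", "actor": "bob@example.com", "action": "unshare", "target": "partner@vendor.io", "role": None, "country": "DE"},
    {"ts": "2024-03-05T17:00:00Z", "file": "notes.docx", "actor": "carol@example.com", "action": "edit", "target": None, "role": None, "country": "US"},
]


def is_external(principal):
    """A link-share pseudo-principal or any account outside the corporate domain is external."""
    return principal == "anyone_with_link" or not principal.endswith("@" + CORP_DOMAIN)


def current_access(events):
    """Replay share/unshare events in time order to get {file: {principal: role}} as it stands now.
    Edits and downloads do not change access but still register the file."""
    access = {}
    for e in sorted(events, key=lambda e: e["ts"]):  # ISO-8601 UTC strings sort chronologically
        grants = access.setdefault(e["file"], {})
        if e["action"] == "share":
            grants[e["target"]] = e["role"]
        elif e["action"] == "unshare":
            grants.pop(e["target"], None)
    return access


def exposure_report(events):
    """Files with live external access or with downloads by external accounts, and the evidence."""
    report = {}
    for file, grants in current_access(events).items():
        external_access = {who: role for who, role in grants.items() if is_external(who)}
        external_downloads = [
            {"actor": e["actor"], "country": e["country"], "ts": e["ts"]}
            for e in events
            if e["file"] == file and e["action"] == "download" and is_external(e["actor"])
        ]
        if external_access or external_downloads:
            report[file] = {"external_access": external_access, "external_downloads": external_downloads}
    return report


if __name__ == "__main__":
    for file, details in exposure_report(SHARING_EVENTS).items():
        print(file)
        for who, role in details["external_access"].items():
            print(f"  shared with {who} as {role}")
        for d in details["external_downloads"]:
            print(f"  downloaded by {d['actor']} from {d['country']} at {d['ts']}")
```

Replaying the events matters: the roadmap was shared with a vendor and then unshared, so it drops out of the report, while the spreadsheet keeps its "anyone with the link" share and already shows a download by an outside account from a country the owner never worked from. A real run would page through the vendor's activity API rather than use the inline list, and would usually also join the owner's login baseline to decide which downloads are worth a call.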
3. Phishing emails or compromised emails
In the past, hackers would send phishing emails that appeared to be from your employees; now hackers send emails that come directly from your employees' mailboxes. Hackers accomplish this by gaining access to an employee's inbox through OAuth grants issued to so-called useful apps such as games or restaurant tip calculators. Traditional anti-phishing defenses are no match for these targeted attacks because the compromised user's actions are trusted by your security controls. MFA can stop some of these attacks, but not all.
To help prevent these attacks you need visibility into every third-party app that has access to your employee accounts. This information is available from SaaS vendors through APIs; when it is paired with user access patterns, you can form an improved defense against these attacks.
The above are examples of how an API-based approach to SaaS security can complement and strengthen your zero trust security architecture. There is no silver bullet when it comes to cloud security; you need an approach that leverages defense in depth.
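The visibility the two paragraphs above call for is a list of every third-party OAuth grant in the tenant and a judgement about what each one can do. The script below is an added example (not code from the original article or from Google) that groups Google API scope strings by how much mailbox or Drive reach they give an app, audits a constructed set of grant records against that grouping and an allowlist of reviewed apps, and summarises which apps have the widest exposure. The scope URLs are real Google scopes; the risk grouping, the grant records, the app names, the client IDs and the allowlist are all constructed for the example.

```python
# Google API OAuth scope strings grouped by how much a third-party app can do with
# them. The URLs are real Google scopes; the grouping is this example's own judgement.
HIGH_RISK_SCOPES = {
    "https://mail.google.com/": "full mailbox access (read, modify, send)",
    "https://www.googleapis.com/auth/gmail.modify": "read and modify mail",
    "https://www.googleapis.com/auth/gmail.send": "send mail as the user",
    "https://www.googleapis.com/auth/gmail.readonly": "read all mail",
    "https://www.googleapis.com/auth/drive": "read and write every Drive file",
}
MEDIUM_RISK_SCOPES = {
    "https://www.googleapis.com/auth/drive.file": "Drive files the app itself created or opened",
    "https://www.googleapis.com/auth/contacts.readonly": "read the user's contacts",
}
RISK_RANK = {"low": 0, "medium": 1, "high": 2}

# Constructed allowlist of apps the organization has already reviewed (hypothetical name).
APPROVED_APPS = {"corp-sso-bridge"}

# Constructed sample grant records (not real data); field names are an assumption
# loosely modelled on the per-user token listings a SaaS admin API returns.
GRANTS = [
    {"user": "alice@example.com", "app": "Restaurant Tip Calculator", "client_id": "1111-tip.apps.example",
     "scopes": ["openid", "https://www.googleapis.com/auth/userinfo.email", "https://mail.google.com/"]},
    {"user": "carol@example.com", "app": "Restaurant Tip Calculator", "client_id": "1111-tip.apps.example",
     "scopes": ["openid", "https://www.googleapis.com/auth/userinfo.email", "https://mail.google.com/"]},
    {"user": "bob@example.com", "app": "corp-sso-bridge", "client_id": "2222-sso.apps.example",
     "scopes": ["openid", "https://www.googleapis.com/auth/userinfo.email"]},
    {"user": "bob@example.com", "app": "Meeting Notes", "client_id": "3333-notes.apps.example",
     "scopes": ["https://www.googleapis.com/auth/drive.file", "https://www.googleapis.com/auth/userinfo.email"]},
    {"user": "dave@example.com", "app": "Puzzle Game", "client_id": "4444-game.apps.example",
     "scopes": ["https://www.googleapis.com/auth/drive", "https://www.googleapis.com/auth/contacts.readonly"]},
]


def scope_risk(scope):
    """Classify one scope; anything not in the two tables (openid, userinfo.*) is low risk."""
    if scope in HIGH_RISK_SCOPES:
        return "high"
    if scope in MEDIUM_RISK_SCOPES:
        return "medium"
    return "low"


def grant_risk(grant):
    """A grant is as risky as its most powerful scope."""
    return max((scope_risk(s) for s in grant["scopes"]), key=RISK_RANK.__getitem__, default="low")


def audit_grants(grants, approved_apps):
    """Findings for every grant to an unreviewed app that reaches mail or Drive.
    High-risk grants (mailbox or all-of-Drive reach) are marked for revocation, medium ones for review."""
    findings = []
    for g in grants:
        if g["app"] in approved_apps:
            continue
        risk = grant_risk(g)
        if risk == "low":
            continue
        findings.append({
            "user": g["user"],
            "app": g["app"],
            "client_id": g["client_id"],
            "risk": risk,
            "sensitive_scopes": [s for s in g["scopes"] if scope_risk(s) != "low"],
            "action": "revoke" if risk == "high" else "review",
        })
    return findings


def apps_by_exposure(grants):
    """One row per app: how many users granted it and the highest risk it holds, riskiest first."""
    per_app = {}
    for g in grants:
        entry = per_app.setdefault(g["app"], {"app": g["app"], "users": set(), "risk": "low"})
        entry["users"].add(g["user"])
        if RISK_RANK[grant_risk(g)] > RISK_RANK[entry["risk"]]:
            entry["risk"] = grant_risk(g)
    rows = [{"app": e["app"], "users": len(e["users"]), "risk": e["risk"]} for e in per_app.values()]
    rows.sort(key=lambda r: (-RISK_RANK[r["risk"]], -r["users"], r["app"]))
    return rows


if __name__ == "__main__":
    for f in audit_grants(GRANTS, APPROVED_APPS):
        print(f"{f['action']:6} {f['user']:20} {f['app']:26} {', '.join(f['sensitive_scopes'])}")
    for row in apps_by_exposure(GRANTS):
        print(f"{row['risk']:6} {row['users']:2} user(s)  {row['app']}")
```

The tip calculator from the article's own scenario shows up twice with full mailbox access, which is exactly what lets an attacker send mail as the employee without ever touching a password or an MFA prompt; the game holds all of Drive. Paired with the login-baseline data from the first example, the same records also answer the question the attacker's mail will raise later: whether the grant was made from a place and device the employee actually uses.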
The sooner your IT security team moves away from an over-reliance on firewalls, proxies and on-prem LDAP authentication, the sooner they can be prepared to face emerging threats. Cloud applications that are always on and available from every device and location are a huge boon to organizations. However, they also require IT security teams to evolve and adopt new ways of addressing threats.