SaaS Security Posture Management: SaaS Security Beyond CASB

This IDC Perspective details SaaS security beyond CASB. CIO's love SaaS because it can not only reduce on-prem legacy systems but also employee productivity can be substantially improved. Even as fears of inflation loom, the accelerating movement to SaaS applications is viewed as a strategic weapon to combat looming economic malaise.The promise of moving to SaaS is compelling; most of the shared responsibility model is managed by the SaaS provider, but securing identity and data remains the responsibility of the customer. Traditional security tools do not work well with SaaS. Security can secure traditional web browsers, but SaaS is not a website. It is an application. In addition, it is important to note that SaaS introduces/emphasizes an additional responsibility of integrations. SaaS application data, configuration, and settings are increasingly needed to be integrated, governed, and managed using APIs.Cloud Access Security Broker (CASB) is an important tool for organizations in the journey to the cloud and can provide some illumination of SaaS. However, when applications are delivered as SaaS, securing these applications totally change; monitoring L3 and L4 access alone is no longer enough. Context matters ... specifically SaaS context as control now has to be implemented based on identity and data controls."The growth of SaaS applications, the increasing demand to integrate these applications for unified security and control, and the issue of APIs have created a demand in the market for a single offering that integrates and manages disparate SaaS applications, provided as a service, and takes away the burden of API drift on behalf of customers," according to Frank Dickson, group vice president, Security and Trust, IDC.