SaaS risks come into focus

Mathias Thurman | Aug. 3, 2016
Sometimes, security risks are hiding in plain sight

My company is pretty much all in with software as a service (SaaS). At this point, in fact, only three major applications live on our corporate network: our source code repository, bug tracking system and departmental fileshares. And most of our users don’t need those applications to get their jobs done, instead relying on another 90 or so applications, all of which live on the internet and thus are available from anywhere in the world. (There are a few exceptions, for applications that are configured to restrict access by IP address.)

Trouble Ticket

At issue: SaaS has made it possible for a large chunk of the workforce to get their jobs done anywhere, without ever logging into the corporate network. That’s trouble, starting with the fact that their PCs are never backed up.

Action plan: Find and acquire tools that will remove the security holes while not interfering with workers’ remote freedom.

We won’t be backing off from SaaS, of course. Employees love the convenience that SaaS provides, and IT has seen SaaS migration reduce operational overhead, speed up deployments, streamline integration and minimize single points of failure. Nonetheless, there are drawbacks, especially from my security point of view.

The crux of the problem is that many of our employees work remotely and do not come into any of our offices, and with SaaS applications at their disposal, they don’t need to establish a VPN connection to our network in order to do their jobs. They only need an internet connection. Left untethered to the network for long stretches of time, their PCs aren’t backed up. That’s an invitation to trouble.

This came home to me last week when I was, in fact, at home, working remotely for a couple of days to prepare a presentation for top executives on threats to the business. I included some slides about ransomware, and specifically CryptoLocker, which is currently the most widely disseminated variant. CryptoLocker encrypts files on a victim’s hard drive and demands a ransom in exchange for the decryption key. There are many countermeasures to prevent falling victim to ransomware, such as effective patch management, robust endpoint protection (antivirus) and user awareness training. But one of the most effective controls is doing regular backups of PCs.

When you have a complete backup for a PC that gets hit by CryptoLocker, you can simply re-baseline the PC and restore files from the backup. With that thought in mind as I sat in my home office (a.k.a. the kitchen table), I decided to open my Symantec Backup Exec agent to check the status of my local files. What I found was that my files were in a “pending network” status — not being backed up. The reason was simple: I hadn’t been in the office, using the corporate network, and I hadn’t connected via VPN. That’s unusual for me, but not at all for a big chunk of our workforce.
