Who Has Control: The SaaS App Admin Paradox
The paradox lies in the fact that it's the security team's responsibility to secure the organization's SaaS app stack, yet they cannot effectively execute this task without full control of the SaaS app.
While the security and IT teams are reported to be the main destination for SaaS app management, it's the 40% of business departments also taking part and having full access that complicates the threat landscape.
Without in-depth knowledge of security or a vested interest in it, it's not reasonable for the security team to expect that the business owner will ensure a high level of security in their SaaS.
Unpacking the SaaS App Ownership Paradox.
Hailed as a MUST HAVE solution to continuously assess security risks and manage the SaaS applications' security posture in the "4 Must-Have Technologies That Made the Gartner Hype Cycle for Cloud Security, 2021", such a solution can alert the security team on any app configuration change made by the app owner, and provide clear directions on how to fix it through a ticketing or collaboration management system.
There's no way to eliminate business departments' access to SaaS app security settings, and while users across the organization should be educated on basic SaaS security in order to reduce the risk that may occur from business departments, it doesn't always happen or it's just not enough.
Organizations need to implement a solution that helps avoid these situations through visibility and control for the security team, alerts on configuration drift, audit logs that provide insight into actions within the SaaS apps, and scoped admins.
News URL
https://thehackernews.com/2022/08/who-has-control-saas-app-admin-paradox.html