Are your SaaS Apps secure? We can provide security for the software you deliver to your clients.
Public cloud apps are great for productivity, until a security incident occurs. SaaS apps are sources of data leaks and the primary targets of credential theft attacks, risking data loss and potentially spreading malware.
You provide SaaS app, but are they secure SaaS apps?
The prized jewels of hackers are stolen credentials. With IDs and passwords, thieves can gain access to your employees’ Office 365 user accounts, a database in AWS, a private app with sensitive data, or perhaps even your entire corporate network. With credentials they can upload malicious content like ransomware to spread across your devices and network as files are shared, or they can begin to exfiltrate sensitive data from your applications.
An additional challenge is well-intentioned employees may be engaging in risky behaviour while using the public cloud — without even knowing it — potentially accessing unapproved, less secure cloud apps, uploading files when they should not, copying and pasting sensitive content, etc.
User credentials are often exploited by threat actors who obtain them through business email compromise (BEC) or phishing attacks; purchase credentials that have been exposed through breaches and double-extortion ransomware attacks; or simply discover them in brute-force attacks. Once in, those threat actors have full access to sensitive data and can cause extensive damage.
Most SaaS applications address credential reuse via security controls that force users to log on only from specific IP addresses. While this can help prevent cybercriminals from accessing those applications with stolen credentials, this solution also restricts valid users’ ability to access their apps when working from home or on the road.
Businesses must also act to prevent unsanctioned exfiltration of sensitive data stored in SaaS apps. Authorized users who log in via unmanaged devices may download data to their devices, save them to their personal cloud storage app or otherwise expose them, either maliciously or through negligence.
The Solution: SaaS Application Access Controls
The solution to making SaaS apps secure is part of the ZT Edge platform by Ericom Software.
ZTEdge makes SaaS apps secure by leveraging SaaS app configurations that restrict each user to connecting from a user-specific, “portable” IP address. Each tenant on the ZTEdge Cloud is assigned a dedicated, unique personal IP address by the Cloud Access Security Broker (CASB). When the user logs in to an app via the cloud, their “location” is always the same, regardless of where they actually are.
Configuring SaaS app access to be restricted to this portable IP address means that a cybercriminal cannot log in to the user’s workplace SaaS apps via the public internet even if a user’s valid credentials are stolen or exposed, since the IP address is unique only to a specific user.
Likewise, since users must authenticate via the ZTEdge Cloud to be “located” at the IP address that enables them to log in to secure SaaS apps, restrictions on data access and use can be applied. This method also offers security operations teams granular insight into who is logging in to your secure SaaS apps, from where, at what time, and to access what–all questions that must be addressed to ensure Zero Trust security.
In addition to IP-address-based access controls, ZTEdge can enforce policy-based restrictions on access to specific cloud applications for all users, individual users, or certain groups or locations. Alternatively, rather than blocking access completely, data sharing functions such as uploading or downloading files or entering data into cloud applications, can be restricted or entirely disabled. Additionally, file downloads from file-sharing applications can be scanned for malware to protect devices from being infected.
ZTEdge SaaS Application Access Control Highlights
- Controls App Access
- Prevents Data Exfiltration
- Eliminates Credential Theft Risk
- Prevents access to business apps from the public internet
- Eliminates risk of external access via stolen credentials
- Enables enforcement of user, group, location and/or device-based policies for SaaS applications
- Supports restriction of user sharing and exfiltration of app reports and data
- Blocks malware in infected file downloads
- Prevents lateral movement if an attacker succeeds in accessing network.
Clientless Cloud Access Security Broker (CASB) access and data-sharing controls are coupled with dedicated IP-based access restrictions, and provide:
- Granular App Access Controls
- Threat Prevention
- Data Security (DLP, RBI-based Controls)
With ZTEdge, you can get a dedicated tenant IP address, so you can enforce IP-based access restrictions that ensure only users coming through ZTEdge – regardless of where they are located – can access your SaaS applications. This effectively eliminates the risk of credential theft for your entire company.
Additionally, ZTEdge’s in-line isolation-based CASB gateway allows you to enforce user, group, device, time, or location-based policies on application access. If policies permit access, ZTEdge further allows you to restrict data-sharing functions, such as removing a user’s ability to upload or download files or enter data in cloud apps. Finally, ZTEdge includes Data Loss Prevention (DLP) to protect sensitive data, as well as AV and CDR scanning to prevent malicious files from being uploaded to or downloaded from SaaS applications.
Why choose ZTEdge?
ZTEdge cuts complexity, reduces cyber-risk, and improves performance, all at a dramatically lower price point than alternative solutions. The platform is built to protect what matters for your midsize enterprise or small business – your users, data, applications and customers.
It cuts complexity, reduces cyber-risk, and improves performance, at half the cost of other Zero Trust solutions. ZTEdge delivers a comprehensive set of Zero Trust security capabilities via a high-performance, resilient cloud platform. A cloud-native architecture and flexible global PoP infrastructure make ZTEdge highly efficient, allowing us to pass significant cost savings along to our customers.
