Employee Resignations are Riskier Than You Might Imagine

There’s been a notable shift in job changes over the last six to twelve months. People are either deciding to up and leave the workforce altogether or seeking out new opportunities likely to change things up; given how much the pandemic has altered every aspect of both our personal and professional lives. Economists are labeling this as “The Great Resignation,” and these changes are shifting the paradigm for SaaS security. In this article we will address a few specific threat models that become compounded by the “Great Resignation,” and highlight how Zero Trust Data Access solutions can mitigate the risk of cyber breaches and attacks.

First, let’s talk about the insider threat.

As work and home life have increasingly converged many have found it convenient to share corporate data that resides in SaaS applications to their personal email accounts. But this “personal sharing” can create vulnerabilities that are difficult for an organization’s IT and security operations teams to be aware of – let alone manage. In addition, this “Great Resignation” creates an environment whereby employees may depart from a company, but still retain full access to corporate data that resides within their personal accounts. Think about it. At some point in your career, you’ve resigned from your employer and likely sent data and files directly to your own personal email address on your way out.  However strongly you feel that those files are “yours,” they are in most cases proprietary to your former employer.

Further still, personal email platforms as a rule do not require multi-factor authentication (MFA), making them the weakest link in the chain of an enterprise security solution. A company’s investment in Zero Trust or least privilege access (among other security measures), can be completely undermined by the simple sequence of sharing a SaaS asset with a personal email address, having that email address compromised by a bad actor, and then the bad actor using those credentials to infiltrate a corporate network. It happens.  With the spike in employee departures, it’s important that organizations have a strong handle on “who has access, and to what” for each user and entity to ensure sensitive company data and files do not end up in the public domain.

Next, let’s focus on the 3rd party risk.

It is well understood that any job function can essentially be outsourced. There are firms both large and small that can provide support for any area of business. One of the best ways for organizations to fill the void in both for the short and long term is to onboard 3rd party vendors. Outsourcing mission critical systems, services, and applications to drive the business forward increases both the scale and complexity of the attack surface. Oftentimes organizations do not enforce the same level of security around their 3rd party vendors as they do with their internal users and entities.

Making matters worse is the fact that the security posture for each individual vendor differs dramatically; the larger firms typically have much stronger security programs in place when compared to firms of a smaller size. Being able to truly understand the full extent of an organization’s 3rd party vendor relationships and the associated risks is an uphill climb, which becomes even more difficult when it comes to quantifying digital risk.

Today, Software as a Service (SaaS) applications are a critical business driver for organizations of all sizes and types. Providing access to business-critical SaaS apps with 3rd parties is standard best practice to collaborate on projects, or outsource them altogether. But how do you centralize the creation and enforcement of granular data access control policies across the entire SaaS application estate? Each SaaS application has some native built-in functionality to mitigate the risk of data overexposure, but those controls are often too light given the confidential and privileged nature of the content being exchanged between an organization and its 3rd party vendors.

Zero Trust Data Access (ZTDA)

Mitigating the risk of data exfiltration and cyber attacks that is brought on by insider threats and 3rd party vendors can be addressed by applying Zero Trust Data Access controls. Today, most organizations have bought into the concept of Zero Trust, and as such have adjusted their security programs to better align to this modern approach. Initially securing the identity layer via identity provider (IDP) solutions to establish the appropriate level of permissions and entitlements based on roles and responsibilities. Next, ensuring that the users and identities were brokered a secure connection via a Zero Trust Network Access (ZTNA) solution, to any corporate sanctioned resources from the devices they were accessing them from. Lastly, enforcing least privilege and Multi-Factor Authentication (MFA), and other tools and principles to effectively “never trust, always verify.”

Organizations require a single security strategy that centralizes the enforcement of least privilege – beyond the identity, network, and device levels – throughout their entire estate of SaaS applications. Existing SaaS application providers either lack these capabilities altogether or they lack the granularity required to be effective in preventing major breaches and data exfiltration. Relying on the native security capabilities of each individual SaaS application is ineffective and does not provide a consistent way to implement data access controls throughout all SaaS application types.

The DoControl Zero Trust Data Access (ZTDA) solution provides full visibility across all SaaS access for every identity and entity (i.e. internal users and external collaborators) throughout the entire organization. Continuous monitoring across all SaaS events and activities provides a baseline understanding of normal activity, and automatically identifies anomalous data access events. Granular data access control policies allow for consistent enforcement of least privilege access across the SaaS applications being leveraged by the organization. Workflows are triggered automatically based on end-user activity that is matched against rich micro-segmentation of users, collaborators, groups, assets, domains, and much more.

Attackers are going to get in. Insider threats are real. The DoControl ZTDA solution was architected with an ”assume breach’ mindset to prevent critical SaaS application data from inadvertently getting out. DoControl is able to trigger workflows based on any SaaS end-user activity event matched against rich micro-segmentation of users, collaborators, groups, assets, domains, and much more.

Experience a more complete Zero Trust Architecture, and move the business forward in a secure way.

Interesting Related Article: “Is The Great Resignation A Threat To Your Industry?