Just-in-Time controls are crucial for cloud and SaaS security: Geoffrey Jakmakejian, Tenable

AI-powered SaaS applications are everywhere, and enterprises across the globe have been using these tools for several years now. As these AI tools become more complex, visibility into their security remains a constant struggle. Keeping track of third-party applications and the blind spots in the cloud makes security a huge challenge. Geoffrey Jakmakejian, Security Engineer Manager at exposure management company Tenable, discussed the importance of just-in-time controls and how they can protect cloud and SaaS apps.

Why does achieving full visibility in SaaS security remain a challenge?

On average, large organisations use 41-61 SaaS apps. Unlike legacy licensing software, SaaS is cloud-based, which means that traditional cybersecurity measures, like firewalls that protect on-premise networks, data, and software, aren’t effective. It creates blind spots for cybersecurity teams looking to reduce risk, and often they don’t have visibility into these environments.

Why do organisations struggle with SaaS security, despite increased cloud investments?

The ephemeral nature of visibility can largely be attributed to a fundamental disconnect between security and IT teams. Security teams are engrossed in the ceaseless battle against threats, prioritising safeguarding data, while IT primarily focuses on ensuring uninterrupted system uptime. Often, these two essential functions operate independently when selecting third-party solutions. In the absence of cohesive collaboration and alignment between these units, marked by divergent key performance indicators (KPIs) and objectives, the integrity of cybersecurity becomes compromised.

What is the role of Just-In-Time access in minimising risks?

Just-in-Time access places time-bound limits on permissions to prevent exposure to attack vectors. Using JIT to allow temporary access to cloud resources and also to sensitive cloud applications enforces the least privilege model, making the cloud environment more secure and compliant with regulatory frameworks. SaaS users are typically business users. Hence, using JIT to control access to sensitive SaaS apps ensures security extends beyond IT to the entire business environment.

How to find the right cloud security solution to secure SaaS apps?

To future-proof cloud security investments, organisations must consider having a solution that discovers the compute, identity, and data resources in the cloud and offers contextualised visibility into how critical resources are accessed. It must expose the toxic combination of misconfigurations, excessive entitlements, vulnerabilities and sensitive data in the cloud to aid better risk prioritisation. A Cloud Native Application Protection Platform (CNAPP) is ideal as it replaces a patchwork of siloed products that often cause more problems than they solve, such as multiple false positives and excessive alerts. Additionally, the CNAPP solution must have a JIT access capability that supports the current cloud identity provider and others. This would mean looking for a CNAPP platform with strong cloud identity entitlement management (CIEM) and data security posture management (DSPM) capabilities. CIEM makes it easier to detect where organisations have the most significant identity risks that warrant mitigating using the JIT approach. DSPM offers visibility into which resources are more sensitive than others.

What are the practical steps to adopt a preventive SaaS security posture?

The first step to achieving preventative security is treating cybersecurity as a true business partner, and bringing a security perspective at the earliest possible stages when considering the purchase and deployment of new SaaS solutions. When organisations allow cybersecurity to have a seat at the table in shaping business strategy, it can help shape holistic risk management strategies.

Securing today’s complex and dynamic IT environments requires bringing together vulnerability management, web application security, cloud security, identity security, attack path analysis and external attack surface management to gain full visibility into different cyber risks. Security teams can then effectively analyse all the data from different areas to make informed, proactive decisions about which exposures represent the greatest risk to the organisation. Implementing an exposure management program helps security teams see what attackers see and identify the unknown unknowns by gaining visibility into third-party environments. They can better allocate time and resources so everyone involved is focused on taking the preventive actions that legitimately reduce an organisation’s cyber risk.