How to Apply NIST Principles to SaaS in 2023

How to Apply NIST Principles to SaaS in 2023
Arye Zacks
March 13, 2023
share:

The National Institute of Standards and Technology (NIST) is one of the standard-bearers in global cybersecurity. The U.S.-based institute’s cybersecurity framework helps organizations of all sizes understand, manage, and reduce their cyber-risk levels and better protect their data. Its importance in the fight against cyberattacks can’t be overstated.

 

While NIST hasn’t directly developed standards related to securing the SaaS ecosystem, they are instrumental in the way we approach SaaS security.

 

NIST recently released its Guide to a Secure Enterprise Network Landscape. In it, they discuss the transformation from on-premise networks to multiple cloud servers. Access to these servers, and the accompanying SaaS apps, is through both secure and unsecured devices and locations across disparate geography.

 

The move to the cloud has effectively obliterated the network perimeter. As a result, companies have increased their attack surface and are experiencing an escalation of attacks that span across network boundaries.

 

Rather than focus on network-centric security, security must take a three-pronged approach. The user, endpoint, and application are keys to protecting data. This new paradigm emphasizes the importance of identity, location, and contextual data associated with the user, device, and service.

The Tools to Meet Today’s Challenges

Today’s security tools need to scale to meet the volume, velocity, and variety of today’s applications. They need to integrate seamlessly with SaaS applications and provide coverage for the entire SaaS stack.

 

To be effective, these tools need to minimize human intervention for monitoring and remediation. Automation is critical for an ecosystem that demands secure configurations for each user account that has access to the application. Large organizations may have millions of configurations to secure across their entire SaaS stack; closing them manually is an impossible task.

SaaS Monitoring

SaaS security tools must be able to integrate with all the apps on the stack and identify each application through the SaaS app’s APIs. Once connected, it must monitor the security configurations, staying alert to any changes. This configuration drift can have severe consequences, as it exposes SaaS applications by removing the safeguards put in place to prevent unauthorized access. It needs to continuously monitor applications, and issue alerts as risk increases.

SaaS Monitoring in Adaptive Shield Platform
Figure 1. SaaS Monitoring in Adaptive Shield Platform

 

Contextual Data

Effective SaaS security tools use contextual data to detect threats to the application and its data. These threats can come from humans and machines and may have access to the system using verified credentials.

 

Contextual data from across the SaaS stack can help identify paradoxical travel, spikes in failed authentication attempts from the same IP address for multiple accounts, or attempts where automated tools test weak and common passwords against known user names. It can also recognize malicious third-party applications that are significantly overprivileged for their functionality.   

Contextual Data as Seen in Adaptive Shield 
Figure 2. Contextual Data as Seen in Adaptive Shield 

Device Management

In the world of SaaS, the devices represent the network perimeter. Accessing SaaS applications with devices that have poor hygiene can put all the data at risk. Compromised devices can hand over login credentials to threat actors, who can leverage that into breaching and stealing data.

 

Effective SaaS security tools partner with endpoint security providers to ensure that the devices that access SaaS apps have an up-to-date operating system, all software has been updated, and any patches have been applied. 

Device Management in Adaptive Shield Platform
Figure 3. Device Management in Adaptive Shield Platform

User Authentication

While devices may be the perimeter, user ID is the barrier preventing unfettered access to company data. Access should be given using a zero-trust approach. All access should be granted through an SSO connected to an enterprise-managed IdP. Organizations should reinforce this entryway with a phishing-resistant MFA authenticator.   

Invalid Login Attemps Alert
Figure 4. Invalid Login Attempts Alert

Meeting NIST Standards

Effective SSPM platforms are built on robust security checks that review each SaaS configuration to ensure they are optimized for protection. Typically, security setting recommendations are influenced heavily by NIST’s cybersecurity approach, and their guidance enables SSPM vendors to monitor and track usage, users, and behaviors, as well as identify threats.

About the writer

Arye Zacks
Sr. Technical Content Specialist
How to Apply NIST Principles to SaaS in 2023
Arye takes complicated concepts and makes them easy to understand. A gifted storyteller with a marketing background dating back to the 90s, he knows how to engage readers with stories that address the challenges they face. Oh, and he is beloved for his skills on the grill and smoker.

Detangling a Confusing Threat Detection for SaaS Landscape

Detection and response sit at the heart of any well-thought-out cybersecurity program. However, for all the benefits of detection and response, there is still some confusion in the marketplace about these tools. This article aims to detangle the confusing threat detection SaaS landscape.
Read more
Arye Zacks
December 28, 2022

How to Protect Patients and Their Privacy in Your SaaS Apps

The healthcare industry is under a constant barrage of cyberattacks and has traditionally been one of the most frequently targeted industries. While the adoption of SaaS apps has led to better collaboration among medical professionals and improved patient outcomes, medical facilities must adhere to strict industry standards to ensure the highest level of security and compliance for healthcare data.
Read more
Arye Zacks
December 28, 2022

Webinar Spotlight: Identity Security for Human and Non-Human Identities

A short recap of the Identity Security for Human and Non-Human Identities webinar where CEO and co-founder of Adaptive Shield, Maor Bin, dives into the identity risks in SaaS applications, and explains how to defend the SaaS environment through a strong identity security posture.
Read more
Adaptive Shield Team
June 9, 2021
request a demo
Solution
By Use CaseWhat is SSPMGet in touch
Platform
Sign inFeatures  & FunctionalitiesIntegrations
Resources
LibraryBlog
Partners
Business PartnersTech Partners
Company
AboutNewsEventsCareers
2024 Adaptive Shield All rights reserved
Trust Center ›Privacy Policy ›Terms ›
GDPR Compliant
ISO 27001 Compliant
ISO 27001 Certified
ISO 27701 Certified
SOC 2 Compliant
Cyber GRX