Gone are the days when software had to be installed on your own computer – on premise – in order to use it. For several years now, providers have been making Software as a Service (SaaS) available in the cloud, and millions of people use these software applications every day, including for example Office 365, Google Drive, WeTransfer or Zoom. SaaS services are easy to use: users simply need to configure the software and the data for their purposes.
Benefits and challenges of using SaaS
The benefits: SaaS is easy to use, always up-to-date with regards to technology, globally available, and has a good price. The billing model, a kind of subscription system, is known as "pay-per-use".
The challenge for you as a company: The challenge is that companies are responsible for access, accounts and data security for each individual SaaS service. In order to meet this responsibility, the so-called shadow IT must be contained.
The following questions will help you to achieve this:
- Which cloud services are used by which user or in which department?
- Are the company's compliance policies being adhered to?
- Which data are transferred, and are they adequately protected (e.g., encrypted)?
- Do the security mechanisms in place prevent unauthorized access?
- Are there measures in place to prevent unwanted data leakage?
Our cloud security team will help you identify your company-specific challenges of SaaS usage and find solutions. With the tools of our "Shadow IT Assessment" as well as the "Cloud Access Security Broker", you will have full transparency of your existing SaaS usage. In addition, our specialists advise you on how to achieve maximum security when using current and future SaaS services.
|Characteristics of SaaS||What challenges can arise for you from this?|
|Quick and easy booking of a wide variety of cloud services - especially by non-IT employees.||A "shadow IT" emerges that can quickly get out of control in terms of data security, data protection, compliance and cost transparency.|
|Personal and corporate data is stored by cloud providers in globally distributed data centers||Lack of transparency about where personal data in particular is stored or processed leads to challenges in complying with legal regulations, such as the DSGVO|
|SaaS services have their own login and authentication mechanisms||The multitude of user logins with different, often weak passwords open up new attack vectors for cyber attacks.|
Shadow IT Assessment and Cloud Access Security Broker: Our Reliable Duo for Advanced Cloud Security.
On your way to SaaS Security, we will help you go through the phases of the Cloud Security Cycle. This requires two tools that are absolutely necessary to minimize the risks for your company and to allow you to benefit from the full potential of SaaS securely.
In the first phase "Identify", the tool is the TÜV Rheinland Shadow IT Assessment . It restores the transparency about cloud applications in your company. The assessment identifies applications and tools not provided by your corporate IT but still used by employees. The Shadow IT Assessment is the key prerequisite for controlling cloud usage and for moving to the next steps on the path to cloud security.
After the Shadow IT Assessment helped you gain clarity about the SaaS services used in your company, the second phase "Protect" can begin. The most important tool in this phase is the Cloud Access Security Broker (CASB) . As a kind of control system, it monitors and logs the data traffic between cloud applications and their users. At the same time, it also implements security policies.
Shadow IT Assessment and CASB are all but two – albeit critical – services of more than 50 within our Cloud Security Cycle. We will advise you on how to embed your Shadow IT Assessment and CASB into your overall cloud security strategy. In addition, we help you set up and operate the CASB and we will show you potential alternatives to critical cloud services. Because we are independent from manufacturers, we provide you with neutral and transparent advice. You can trust our long-time expertise.