Why Cyber Security Considerations Are Important For SaaS Companies

Media Division | April 23, 2015

With the unprecedented growth of the SaaS industry, cyber criminals have turned their attention towards breaking security rules in the cloud. When applications were limited to on-premise hosting, the IT department had greater control over their performance, and application data resided within the organization’s boundary, subject to its policies.

In the case of SaaS companies, the IT department lacks control over, or knowledge of, how enterprise data is stored. As a result, there are strong concerns about cyber threats to SaaS infrastructure that can lead to legal and financial liabilities. Migrating to the cloud for scalability adds security complexities for organizations to navigate.

Cyber threats to keep an eye on

While software-as-a-service can reduce costs, there are definite risks to be aware of, including the following:

  • Traffic hijacking: In SaaS, exploitation of applications can result in theft of credentials. With stolen credentials, cyber criminals can access critical areas of the SaaS infrastructure, which enables them to compromise the availability and integrity of those services. Over 7 million Dropbox users suffered a data breach where hackers stole their credentials. Traffic from other services was hijacked and other companies were the root cause of the attack. In other cases, hackers will locate ISP-to-ISP BGP (Border Gateway Protocol) and conduct man-in-the-middle attacks.
  • Botnets: SaaS architectures are prime targets for cyber criminals, who infect servers to create a botnet that steals data or abuses the resources of SaaS companies to conduct cyber attacks. For example, they can exploit SaaS applications that lack security for sign-up procedures, which will enable them to create thousands of non-existent users on websites that are using the SaaS application. Also, this can be a legal way to conduct cyber crime if fake customers don’t raise any red flags.
  • Data breaches: Encrypting your data to ward off data breach attacks may have worked in the past, but sophisticated cyber crime methods are able to break in through encrypted controls. Once they’ve gained access, hackers will exploit customer information and may even render some hosted applications or entire servers useless. When Adobe was attacked 2 years ago, hackers managed to steal usernames and encrypted passwords as well as encrypted debit and credit card numbers, which heightened the concerns around SaaS security needs. The outcome was that disclosure of SaaS vulnerabilities and encryption algorithms can be used to bypass security protections for SaaS enterprise data.

What do SaaS companies need to do?

To address the ever-growing cyber threat, SaaS companies require a change in thinking. The focus must be on treating SaaS infrastructure and the network as a strategic asset that requires as much security as border controls do. Attacks like traffic hijacking can be mitigated through an on-premise monitoring system that works in conjunction with authentication codes required for the data in transit.

Also, Massive’s threat intelligence feeds can provide signature data associated with threats like botnets to block such attacks. Using raw data and terabytes of information, SaaS companies can cross-index to determine if their infrastructure was actively siphoned of sensitive information. The feed can detect infection or compromise in multiple locations, including company accounts, networks, and staff member devices.

Ultimately, any company’s data faces the risk of getting exposed regardless of where it is housed, so organizations of all kinds should stay updated on the threats and take appropriate measures to beef up security.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.