How Varonis' approach to SSPM helps your company

When someone says the word "hacker", you probably imagine one of two things.

Either you'll imagine skilled cybercriminals creating malware, running brute force attacks, or performing SQL injections.

Or you'll think of the Hollywood cliche of someone in a hoodie, sitting in a dark room, hammering away at a keyboard for 30 seconds before proclaiming: "We're in!".

What you probably don't imagine is someone simply pasting a URL into Postman, hitting Send, and getting back 11 million customer records.

But that's exactly what happened to Optus, Australia's second biggest telecoms company.

An employee misconfigured an API to expose a customer database with no authentication, and hackers were able to steal all those records. They then demanded a $1 million ransom to not leak the data.

Such a small mistake can have massive ramifications, and this situation highlights the importance of using SSPM (SaaS Security Posture Management) tools in your information security strategy.

We wrote about what SSPM is, and unfortunately, it's not as cut and dry as just buying any SSPM and hitting 'Go'. The issue with most SSPM tools is that they only do half the job.

They audit the configuration of your SaaS and cloud apps, but they don't audit the data itself. They also do nothing to actively resolve the issues it finds. Which means even if they find issues, You've still got to investigate and fix them yourself. Which can be both time consuming and expensive.

Varonis approaches SSPM differently, taking a data-first approach, and using automation to resolve the issues it detects.

This gives you a clearer view of where there are risks, and how they can be mitigated.

In this blog post, we will cover:

• The importance of protecting yourself against misconfiguration
• How most SSPM tools don't provide enough protection
• How a data-first approach is the best way to stop attacks

By the end of this article, you will have a clear idea of how Varonis safeguards your SaaS tools, and actively works to protect your data.

If you need help protecting your company data, book a test drive to see how Varonis can help. You'll also get a free risk assessment customized for your company.

Security incidents caused by misconfiguration

Unfortunately, the Optus example we mentioned isn't an isolated case. Misconfiguration has caused issues for countless companies, and even the US Defense Department.

The Cloud Security Alliance found that nearly half of organizations reported they had dealt with one or more security incidents because of a SaaS misconfiguration.

The problem is that the bigger your organization is, the more likely mistakes will happen. We're all flawed human beings, who sometimes get things wrong, or make bad decisions.

This is especially relevant when you consider the increased reliance on cloud storage solutions like Google Drive and Office 365, and SaaS apps like Salesforce in storing data and carrying out key business processes.

This leaves companies vulnerable in ways it can feel impossible to solve. If you lock things down too much, you stunt the productivity of your teams, but the more freedom they have, the higher the risk of something going wrong.

This is why it's so important to use tools that make this easier, and actively help you solve the issues within your company.

SSPM tools help you identify misconfigurations

This is precisely what SSPM tools are designed to do.

SSPM tools help organizations manage the security of their SaaS applications, and identify areas of risk and misconfiguration

Most commonly, they do this by auditing your SaaS applications, identifying misconfigurations, and providing a list of recommendations for remediation.

This allows you to resolve these issues, ensuring your SaaS and cloud storage applications are set up the right way, and you're protected from the issues we talked about above.

But most of these tools only solve one part of the problem. They don't take into account that people in your organization create huge amounts of data all the time.

This means that a list of recommendations becomes out of date almost immediately, so as soon as you've resolved the issues, there will be a bunch more you don't know about.

Another issue is that using an SSPM tool in isolation will only get you so far.

The goal of any security tool or approach is to reduce the blast radius as much as possible, as quickly as possible. The smaller the blast radius, the lower risk of attack or breach.

But by focusing solely on SaaS misconfigurations, you're only reducing your blast radius a small amount. It will definitely help reduce risks, but you can't feel confident that the data in those applications is secure with just an SSPM tool.

And let's be clear, protecting your data is the number one priority.

Instead, you need to look at the posture of not just the configurations, but the SaaS data itself. And you do this by combining SSPM with DSPM (Data Security Posture Management).

How Varonis secures your SaaS

Instead of just auditing the configuration of your SaaS, Varonis takes a data-centric approach, tackling the whole problem.

This way, we can reduce your blast radius as much as possible.

We do this by not only giving you much better visibility of misconfigurations, but also by allowing you to analyze your SaaS security at the data level. This includes where your data is, who can access it, and what they did with it.

We also use automation to remediate issues we find with your data. This can vary from misconfiguration, through to the SaaS permissions themselves.

Here are breakdowns of the 6 capabilities we use to secure your SaaS apps:

Misconfiguration detection

As we've already discussed, misconfiguration of your SaaS platforms can be a huge factor in the security of your data.

As per the 2021 Gartner report on Cloud Security Hype Cycle, more than 99% of cloud breaches will be avoidable, and caused by misconfigurations and end-user mistakes, through 2025.

This is why it's so important to automatically pick up misconfiguration issues.

The Varonis misconfiguration detection protects you from this, identifying issues, as well as highlighting where improvements can be made.

As well as raising exposure risks, we also flag where there are compliance issues, or where improvements can be made.

We don't just stop at a list of issues, though. We continue to scan your SaaS configuration, and alert you when configuration changes have been made or if sensitive data has been made public.

This gives you the peace of mind that your SaaS platforms are always configured correctly, and you're not going to be caught out by user error.

Data Access Control

This is where you start to see the value of combining SSPM with DSPM. Varonis not only analyzes the configuration of your apps, but also audits the security posture of data that's stored in the SaaS.

You can drill down to any folder or specific piece of data, and see who can access it. You can easily see what level of access each person has at a glance, using simple CRUD labeling (Create, Read, Update, Delete).

You also have a bi-directional view, so as well as analyzing the data, you can look at a person, and see all the data they have access to. We also tell you whether the data has been shared, and tagged as Org-Wide, External, or Public so you know exactly where it's been shared.

User Activity Auditing

It's all well and good knowing what someone can do, but it's also vital to track what someone has done with the SaaS data. This is why our User Activity Auditing is so important.

Varonis aggregates data access and authentication events, producing an audit trail that's easy to read and analyze.

These events can also be used for real-time alerting, so issues can be caught and resolved quickly.

Classification

We also classify your SaaS and cloud data into categories, giving you better visibility, and making it simple to sort and filter the data.

This includes categories like PII, Security, Financial, etc. Which you can view at a folder level, or drill down through sub-folders and analyze individual pieces of data

Remediation

We talked before about how a list isn't enough to mitigate the risks around your SaaS app data. With Varonis, you can easily fix misconfigurations with our automated posture management feature.

Unlike many SSPM solutions, which can open a support ticket or trigger a workflow, Varonis actually executes the change in the SaaS application that is misconfigured--instantly making you safer.

This button triggers Varonis to automatically fix the flagged issues, whether it's a misconfiguration or an access issue.

This saves you having to manually locate and fix the issues yourself. One click and the issue is fixed, and the alert is gone.

It saves you a lot of time!

Automation

Speaking of saving time, clicking a button can get tiresome after a while.

So once you've reviewed the results and chosen what to remediate, our least privilege automation automatically remediates the permissions and access for you.

And it only takes four simple steps:

1. Identify the scope of the automation, based on your high priority areas
2. Configure your remediation rule behavior
3. Run rules to review the expected changes
4. Turn it on, and track the progress

Doing this, your issues will automatically be remediated as they come up, without you having to lift a finger.

Varonis in action

When a college in the US was informed someone in their school was storing copyrighted materials in Google Drive for distribution, they had no way to know who it was.

There were thousands of students, and all they had was a system log to go off, so of course it felt like an impossible task to identify the culprit.

But by combining the SSPM and DSPM tools in Varonis, they solved the mystery.

They audited the data, including the configuration, permissions and access logs. This helped them quickly identify the drive where the data was stored, and the person responsible for it.

Then they enforced least privilege across the college to prevent this from happening again, and configured alerts to detect abnormal behavior going forward.

Now they have a clear view of all their data, and can proactively stay on top of threats and issues.

Now, if you've ever managed (or tried to manage) permissions in Salesforce, you're probably reading this thinking "Sure, that's all well and good in Google Drive or Box, but there's no way you can do this with Salesforce".

We get it, Salesforce holds some of your most valuable data, and it's notoriously complicated.

But everything we've talked about here can be done in Salesforce:

• Easily see who has access to what records, files, and attachments in a bi-directional view
• View clear audit logs of who has accessed what, and what they did with it
• Automatically classify all your Salesforce data, so you can identify areas of risk and sensitivity
• Locate any misconfigurations, and fix them with one click of a button

Read how we helped one of America's top real estate organizations protect sensitive data in their SaaS apps (including Salesforce) in our case study here.

In closing

If you want to avoid joining Optus and the US Defense Department on the growing list of breached companies, it's vital to have an effective SSPM tool.

But most tools only do a small part of the job, and focus only on misconfigurations, and leave you with a list of issues to fix.

This leaves you vulnerable to a much bigger blast radius.

Instead, you should take a data-first approach, by combining your SSPM with DSPM. That way, the data in your SaaS and cloud applications will truly be protected, and your blast radius will be much smaller.

That's what Varonis gives you, a full view of not just how it's configured, but also what data it holds, and who has access to it.

After all, your data is the thing you need to protect.

Varonis does this by giving you the tools you need, while automating most of the work:

• User Access Monitoring
• User Activity Auditing
• Misconfiguration Detection
• Classification
• Remediation
• Automation

So you can rest easy knowing your data is secure, whatever app it's stored in