SaaS Security In 2021

Eric Kaasenbrood
January 7, 2021 Big Data, Cloud & DevOps

The migration toward subscription-based services via the SaaS business model isn’t new this year — it’s part of a larger shift away from on-premises datacenters, applications, etc., that has been underway for years. The pandemic accelerated the shift, boosting SaaS subscriptions as companies looked for virtual collaboration and meeting tools.

What is new on a larger scale is the way employees interact with business applications, and that has implications for IT departments worldwide. As a result, companies have to make sure that SaaS vendors keep their company’s data secure and that their employees’ use of these SaaS solutions is also secure when end users are not connected to the office network.

In 2021, IT professionals will contend with security risks that have been increased by the expanded use of multiple SaaS vendors, proliferating endpoints and advances in hacking techniques. They’ll respond by beefing up security in three important ways:

IT will up-level security architecture

New ways of interacting with apps will require new thinking about security architecture in the coming year. IP whitelisting for SaaS access only works when employees log into the network before accessing a cloud solution, but the trend is increasingly toward direct connections to cloud solutions.

IT will respond with cloud native solutions to reassert control over crucial functions like patch management, configuration management and endpoint protection for devices that aren’t connected to the company network. They’ll also look for BYOD security strategies and take a more modern approach to security architecture that includes cloud-based security and access management protections, such as multifactor authentication and federation with SaaS applications.

Additional security architecture measures in 2021 may include reviews of SIEM log integration and partnership with cloud access security brokers. It will be critical for IT to strike a balance between security policy enforcement and business requirements via the security architecture.

Multidisciplinary teams will improve governance in the SaaS era

It’s clear to IT leaders that unvetted SaaS solutions (shadow IT) pose a variety of risks, including exposure of sensitive information, data ownership issues and regulatory compliance problems. The question is who is best suited to mitigate those risks, and in 2021, more companies will find that it takes a multidisciplinary strategy.

A proactive governance approach requires a defined process involving a multidisciplinary team that ensures visibility and directly addresses risks to keep exposure within acceptable levels. Companies have to classify data in terms of integrity, confidentiality and availability to find the ideal balance between security and costs and determine acceptable risk levels.

Cloud providers share responsibility to keep data secure along with the company, so it’s important to define exactly who is responsible for what. Companies typically manage user access, endpoint devices and data while SaaS vendors oversee apps, virtual machines, databases, etc.

To fulfill their governance objectives, IT leaders will look for SaaS providers that offer multiple configuration options, including password settings/identity federations and authorization models, as well as availability plans to meet goals related to recovery time and recovery points.

Companies will take a macro approach to evaluating SaaS vendors

Comparing vendor security measures against their company’s defined requirements on every point is a tall order, given the volume of cloud solutions employees are adopting. In the coming year, companies will be more likely to evaluate and reevaluate vendors from a higher level by looking at factors like vendor security certifications and assurance reports (ISO 27001, SOC1/SOC2, etc.).

IT leaders will also rely on questionnaires to document security practices, using best practices from organizations like the Cloud Security Alliance to define requirements. Testing will also play a role, either via access to third-party penetration tests shared by the vendor or the vendor’s willingness to accommodate customers’ requests to perform their own tests.

Companies should realize that many SaaS providers will use subproviders, such as AWS, Microsoft Azure or Google Cloud, to host their services. This brings many benefits, as the SaaS provider can leverage the built-in security capabilities of those providers. At the same time, SaaS users should verify that the SaaS vendor does its part to keep data secure as it interacts with the underlying cloud provider.

Additionally, IT will demand that vendors upgrade customer capabilities, including the ability to identify federations or password settings, define user roles, segregate duties, etc. IT will also require the ability to conduct system-to-system integrations in a secure manner when necessary and make sure data location meets any applicable regulatory requirements, such as GDPR compliance.

Conclusion

Use of SaaS solutions surged during the pandemic, and it’s clear that trend will continue into 2021. It’s been a challenge for IT teams to protect data while rapidly expanding access to the devices, solutions and information that enabled business continuity during a once-in-a-century global health emergency. IT leaders and their teams at millions of companies have done heroic work over the past several months.

As 2021 gets underway, IT will be looking to consolidate gains and ensure safe operations. The most forward-thinking IT professionals will meet new requirements by upgrading security architecture, taking a more expansive approach to governance and evaluating vendors more efficiently. These steps will allow their companies to enjoy the benefits of a SaaS environment while mitigating the risks more effectively.
