12/24/2023
Teamsid chrome extension

When it comes to security, your people can be either your best line of defense or your weakest link. It’s key to build your security policies and procedures around people, including taking the time to understand what is intuitive and user-friendly and thus most likely to be adhered to. Generally speaking, we believe that you should rely more on systems and guardrails than on user actions and training. In other words, take human error out of the equation whenever possible. We also believe it’s best to have fewer vectors, rather than more, and to harden these as much as possible (we’ll explain what this means in more detail below).

Many organizations tackle security on an as-it-comes basis. This can be dangerous, since it often means you aren’t thinking about security until after something bad has happened. Both ad hoc and absent security policies can open you up to a whole world of vulnerabilities. On the other side of the spectrum, some organizations employ arcane security practices (like forcing users to change their passwords at regular intervals for no real reason) that are not user-friendly and are thus often skirted by employees.

Above is an illustration that shows a spectrum of SaaS security and access, to help you understand where your organization falls today. Most organizations start off with no policies or systems. In this situation, the onus is on each employee to manage their own security, which means they will typically re-use passwords, share them via insecure spreadsheets, or create other systems that work for them but not for the company. The best case is to use a single access point to unlock access to company applications, and to create an easy centralized point to enforce human-friendly security policies. The rest of this guide helps get you from wherever you may be on the spectrum to a blissful state of secure SaaS usage.

In this guide, we’ll share best practices for building a SaaS security stack that is realistic, usable, and focused on the way modern organizations conduct business. In particular, we have focused on the broad range of small to mid-sized businesses, or SMBs. Very small businesses may not be ready to implement some of these controls - and there may not be a need. On the other end of the spectrum, enterprises will find many of these recommendations appropriate, but may need to take things a few steps further to fully mitigate risk. However, on the whole, we think these recommendations will apply to a broad range of business sizes and types and are a great place to start.

Additionally, it’s worth noting that this eBook is focused on organizations that use G Suite. It won’t be as relevant if you operate in Office365, for example. It is also focused more on the security of SaaS operations (vs. securing your core network or production servers.)

The Foundation: Configuring G Suite for Security

If you are using G Suite for your business, the good news is that you already have quite a few security tools and configuration options at your disposal. However, these are no good to you unless they are thoughtfully implemented and automatically enforced. This harkens back to the concept of people-first security. Here are the areas you should be looking at securing when it comes to your G Suite applications.

The single best thing you can do to improve your organization’s cloud security is to turn on and enforce multi-factor authentication on all products that support it, especially your primary email and collaboration platform (as stated earlier, we recommend G Suite). This greatly reduces the harm that an attacker can do with stolen credentials. While this may seem like a requirement in today’s age, our data shows that the average company only has 37% of their employees using multi-factor authentication on their main G Suite account. And this number gets even worse for smaller and early-stage companies, where just 22% of employees at companies with fewer than 50 people have multi-factor authentication enabled.

Another benefit of implementing strong Google-based authentication is that many SaaS products are increasingly supporting Google Single Sign-on, which means that if you enforce MFA for Google, you’ll automatically get those benefits for all apps that use Google SSO.