Modern SaaS Security: How to Secure Email, Data, User Access in the Age of Cloud Apps

SaaS applications have changed the way employees and organizations operate, how an application is purchased and provisioned, and how employees access and use the apps.

Today, IT departments are no longer a part of this process. As a result, security gaps arise due to the lack of sufficient control and visibility for which applications are hosting corporate data.

With the ease at which SaaS applications can be rolled out — and the benefits of increased productivity and agility — it is easy to forget that the organization is responsible for securing data and managing access for SaaS applications.

Cloud Security | Shared Responsibility Model for SaaS
Data Security & Compliance	Customer Responsibility
User & Device Access
Application Security	Cloud Service Provider Responsibility
Network Security
Infrastructure Security

To adopt SaaS applications in a secure manner, proactive organizations use SonicWall Cloud App Security 2.0.

What is Cloud App Security 2.0?

SonicWall Cloud App Security offers comprehensive next-generation security for your users and data within SaaS applications, including email, messaging, file-sharing and file storage.

Cloud App Security seamlessly integrates with sanctioned SaaS applications using native APIs. This approach provides email security and Cloud Access Security Broker (CASB) functionalities, which are required to protect the current SaaS landscape. This includes:

• Visibility. Identify all cloud services (both sanctioned and unsanctioned) used by an organization’s employees. This includes visibility of east-west traffic (cloud-to-cloud) as users can authenticate to unsanctioned apps using sanctioned IT, such as Microsoft Office 365.
• Next-Gen Email Security. As email becomes the most popular SaaS app used, protecting the popular threat vector is key for SaaS security. The secure email solution includes attachment sandboxing, time-of-click URL analysis and Business Email Compromise (BEC) protection.
• Advanced Threat Protection. Prevent malware propagation through cloud apps, such as OneDrive, Box and Dropbox, with real-time scanning for known threats. The integrated Capture Advanced Threat Protection (ATP) sandbox service mitigates both known and never-before-seen cyberattacks.
• Data Security. Enforce data-centric security policies by offering granular access controls and preventing upload of sensitive or confidential files. The solution incorporates role-based policy tools, data classification, and data loss prevention (DLP) technologies to monitor user activity and block or limit access.
• Compliance. Collect an extensive audit trail of every action, including real-time and historical events, and provide simple DLP templates to enforce policy controls and regulatory compliance in real time.

SonicWall Cloud App Security

When deployed with a SonicWall next-generation firewall (NGFW), Cloud App Security offers shadow IT visibility and control at no extra cost. SonicWall Cloud App Security ensures the safe adoption of cloud applications — all without impacting employee productivity and at a low total cost of ownership (TCO).

Security for Cloud Email Services & Platforms

Drawbacks of a Secure Email Gateway

Typically, when organizations move their email to the cloud, they either rely exclusively on the email provider’s built-in security or supplement it with a traditional secure email gateway. This approach is inefficient because the gateway:

• Introduces a point of failure
• Does not provide visibility or control over email beyond the gateway
• Does not protect against new email threats, such as account takeover attacks
• Does not protect against other apps in the cloud office suites

SonicWall Cloud App Security includes email security designed for cloud email platforms, such as Office 365 and G Suite.

The solution delivers virtual in-line protection using real-time APIs to intercept and stop malicious email from reaching your employees’ inboxes. This approach enables Cloud App Security to:

• Preserve the native cloud experience
• Provide comprehensive visibility and granular control
• Protect against Business Email Compromise (BEC) and account takeover attacks
• Secure the entire suite of apps in your cloud office platforms

Secure Your Entire Cloud Office Suite, Including Office 365 or G Suite

_{When organizations move to cloud office solutions, such as Microsoft Office 365 and Google G Suite, a whole suite of productivity tools become available. SonicWall Cloud App Security protects entire productivity suites.}

Data Security for Sanctioned SaaS

SonicWall Cloud App Security does not sit in the traffic path of user-to-cloud or cloud-to-cloud. Instead, the solution analyzes all cloud service traffic (e.g., log events, user activities, data files and objects, configuration state, etc.) and enforces the necessary security policies through direct integrations with native APIs of the cloud service.

This enables the solution to provide coverage for that app, regardless of the user’s device or network. The solution provides easy deployment, granular control and zero impact on the user experience.

Only API-based solutions can inspect data-at-rest within SaaS apps since inline, proxy-based solutions inspect only the data uploaded to the cloud from behind a firewall. Since many organizations already have a large volume of data stored in the cloud, APIs are used to enforce policies on this data.

Other capabilities — only possible when connecting directly to an app via API — include the ability to scan security configuration settings within the app and suggest changes that bolster security, as well as the ability to scan the sharing permissions on files and folders to assess the risk of third-party and external access to corporate data.

Cloud App Security provides deep visibility, advanced threat protection using Capture ATP sandbox and data loss prevention for SaaS applications, such as cloud-based email, alongside file sharing and cloud storage apps like Google G Suite and Microsoft Office 365.

Cloud App Security Made Simple, Affordable

• Zero Friction. Out-of-band scanning does not result in any change in user experience, such as adding latency or breakage of application behavior. In addition, the solution can be deployed within hours without any downtime and administrative overhead
• Universal Coverage. API-based scanning not only covers the “north-south” (user-to-cloud) traffic, but also provides coverage for “east-west” (cloud-to-cloud) traffic. As cloud adoption increases in organization, cloud-to-cloud traffic becomes the significant portion of cloud usage.
• Ability to Introspect Traffic. Inline security solutions can only apply changes in security policies for the new traffic coming forward. However, the APIs allow you to retrospectively apply the policies for all data-at-rest, including all new traffic.

SonicWall’s Platform Approach to Cloud Security

To protect SaaS applications, SonicWall Cloud App Security leverages the SonicWall Capture Cloud Platform, which combines the global security intelligence of the Capture Threat Network and the advanced threat prevention of the multi-engine Capture ATP sandbox. The cloud-native solution is delivered through Capture Security Center

SonicWall extends automated, real-time breach detection and prevention capabilities into SaaS environments, helping organizations safely leverage cloud applications to enhance employee productivity and enable collaboration.

SonicWall Cloud App Security ensures the safe adoption of cloud applications without impacting employee productivity and at a low total cost of ownership.

This post is also available in: Portuguese (Brazil) French German Japanese Korean Spanish