SaaS Application Security, Provided by UKM and BYOK
Software-as-a-Service Use Case: KeyNexus’ UKM is the “key” to SaaS Application Security
Recent years have seen the growth of enterprises using Software-as-a-Service (SaaS) applications. The International Data Corporation forecasts that in 2018 global spending on cloud services and infrastructures will reach $160 billion. Of this, approximately two-thirds will be spent on SaaS applications. If the sheer amount spent isn’t indication enough of the prominence of SaaS, Cisco’s estimate that by the end of 2018 nearly 60% of workflows would be done via SaaS surely is. But, at the same time as they have proliferated, cloud-based services have also presented threats to data security. Previously, we offered several best practices to help get cloud-based companies on the road to security. But let’s look at a concrete, but hypothetical, example related to SaaS application security and key management.
In line with industry averages, ABC Publishing Company uses more than 20 SaaS apps as part of its software infrastructure. Each of these apps is extremely useful for ABC: they control costs, by being pay-as-you-go and avoiding costly overhead associated with on-premise and non-SaaS alternatives; they are intuitive and flexible, capable of being adapted and scaled to ABC’s changing organizational needs; and they are accessible, only requiring a basic web browser to use them. ABC does not want to stop using these SaaS apps, and will likely integrate additional SaaS apps in the future. All these benefits aside, ABC holds major concerns regarding their SaaS application security, as their providers have access to their data. To alleviate these concerns and fully embrace the cloud story and all the efficiencies it promises, ABC wants to employ solid data security practices, including gaining full control of their encryption keys, in line with the Cloud Security Alliance’s best practices suggestions. Not all SaaS apps allow for this, but, where possible and where their most sensitive data is concerned, ABC wants to retain control over their keys.
KeyNexus’ Unified Key Manager (UKM) is an easy, efficient and secure third-party solution to this problem. Using a flexible architecture, our UKM would allow ABC to bring their own key (BYOK). With any SaaS app that has exposed BYOK functionality, ABC could use our UKM to retain control over their encryption keys and follow the best practice of separating encryption and key management functions, giving them important encryption key management control for their cloud data. Centrally, BYOK ensures encryption keys remain in the hands of ABC. Our UKM comes equipped with powerful logging and auditing options that would provide them with further operational and security data, including the ability to track who is logging in, how they are logging in, when and how often. This information allows for important forms of defense against malicious behaviour, including the ability to disable keys, making it impossible for sensitive data to be decrypted by third-party service providers or anyone else. But ABC also wants to plan for the future, retaining flexibility and scalability as they follow the trend towards greater SaaS workflows. With its centralized approach to key management, our UKM could be further scaled to accommodate new BYOK-compatible SaaS apps that they might begin using in the future. Finally, if ABC retains any on-premise or hybrid encryption processes, our UKM could also be integrated into these.
Boiled down to the basics, our UKM would give ABC the security it needs, while also scaling for the future, ultimately providing a superior return on investment. For more information on how we can help you with your SaaS or other BYOK use case needs, contact us or request a demo.