Odaseva CISO: Stepping up SaaS security 

This is a contributed commentary piece for ERP Today written by Arnaud Treps, CISO at Odaseva, a company known for its enterprise data platform services for Salesforce, offering tools to keep Salesforce data protected.

Treps writes as follows…

The ever-increasing adoption of cloud infrastructure has created a target-rich environment for cybercriminals. Data is the fuel which powers cloud-enabled enterprises, with organizations storing vast amounts of information relating to customers and transactions in SaaS programs such as Salesforce. Like most criminals, digital threat actors are opportunists motivated by financial gain. When they see an emerging trend, they also see an opportunity to profit.

Attackers are now focusing their attention on SaaS services, seeking to steal valuable data to force their victims to pay a ransom. The number of ransomware incidents soared by 62% between 2020 and 2021, demonstrating the scale of the threat.

No business wants to lose mission-critical data – and that’s not even the worst-case scenario after an attack on SaaS infrastructure. Simply losing access to data is devastating because it interrupts business operations. But if that data is leaked, the organisation could face severe reputational and financial damage, ranging from fines under regulations like GDPR, to the incalculable impact caused by a loss of trust among partners and customers.

In an era where attacks are becoming more common, enterprises must be aware of the risk facing them and take immediate steps to protect their data. This means detecting malicious activity, defeating attacks, and recovering information if necessary to limit the potential damage.

Understanding attackers

Cybercriminals seek opportunities that represent the optimal balance between effort and revenue. While attackers aren’t likely to target Salesforce infrastructure, a company using the Salesforce platform can be an attractive target. Attackers can use standard tactics to steal credentials, such as phishing or social engineering. They can also deploy malware, take advantage of API key leaks, or employ one of the many other techniques in their toolbox.

Once they access credentials and penetrate their target’s Salesforce instance, attackers can leverage APIs to massively export data before replacing it with an encrypted version. Organisations are then demanded to pay a ransom to regain access to the data and prevent further reputational and financial damage.

Companies running on Salesforce are responsible for their data. Many organisations do not realise that their data is their responsibility to protect, not Salesforce’s, as found in a survey by ESG Global finding that 35 per cent of IT leaders ‘do nothing’ to protect SaaS-resident data and “solely rely” on the SaaS vendor to protect data.

This false assumption results in failures to protect end-user device security, safeguard cloud login credentials, monitor third-party applications, or implement proper backups – ultimately leaving the organisation vulnerable to attack.

Protecting SaaS

Deploying security measures should be a priority for any enterprise relying on SaaS for critical business activities.

The first step should involve leveraging security tools that are already in place on Salesforce, such as transaction security, which is a framework that intercepts real-time events and applies appropriate actions to monitor and control user activity.

Detection tools should be used to monitor critical objects for Insert, Update, & Delete events. Thresholds for critical objects should also be set. When these thresholds are broken, administrators should receive email alerts. When an organization detects a ransomware attack, it must move quickly to discover what data has been impacted. 

Data comparison tools can be used to easily and quickly identify if fields, objects, or records have been changed. Data can then be restored from a backup.

It is also crucially important to know if the data can be restored quickly and effectively, so the restoration process should be tested to highlight potential obstacles ahead of time. backup processes must be a part of any disaster recovery plan.

Yet the rise of SaaS also offers enterprises the opportunity to upgrade their security and harden attack surfaces. It is almost inevitable that criminals will target cloud infrastructure. Their success does not have to be a done deal. Deploying the correct security policies today is an investment in the future.