There seems to be a lot of focus these days on protecting enterprise data “at rest” in SaaS applications, and rightly so - revelations like the recent NSA/Snowden news have renewed interest in the overall security and control of data stored in third-party infrastructure. The fact that a third party (regardless of who they are) can access sensitive corporate data freely and without notification to the enterprise will continue to be a hotly debated topic for many months to come, and Bitglass is certainly doing what it can to help enterprises solve this problem.
There is, however, another side to this coin that isn’t getting the airtime that it deserves: for every SaaS application deployed by an enterprise, there is a corresponding group of users accessing that application from many different devices (both managed and unmanaged). The same folks that are now frantically looking for a solution to keep the NSA from eavesdropping on their data are allowing their users to download, email, and share data from myriad mobile devices. Devices that might not even have a passcode enabled. Devices that are left in airport security lines, taxi cabs, restaurants, and more on a daily basis (personally, I have found 3 smartphones in public places in the last 3 or 4 years).
We speak with a lot of CIOs who, of late, have been trumpeting their new role as “enablers” for end users. As this “new” enabler role has been embraced, end user freedom and flexibility have trumped all else, resulting in easy accessibility from anywhere. For many organizations, the weakest link is not the SaaS infrastructure and the SaaS provider’s inability to block the NSA. Rather, the weakest link is the (many) points of access to this data from the outside.
So, as you debate and rethink your cloud strategy in light of recent news, remember that there are two sides to the coin. Both the application and the point of access must be secured with an end-to-end SaaS security approach.