Security "Bits"

SaaS Holes - Part 1: Identity Sprawl

By Annie Wang | October 9, 2014 at 5:30 AM

Identity sprawl


61% of today’s enterprises have adopted the cloud. That’s almost 2/3 of all the enterprise across the world! Cloud app vendors are capitalizing on this movement. Here's how Microsoft refers to their cloud app Office 365: 

"Office 365 gives you the power and flexibility to get things done from virtually anywhere." - Microsoft

This epic shift to cloud (and use of SaaS) not only causes a need for cloud apps to support the shift, but also for IT security to develop ways to secure these applications. If your IT security team can’t keep up with the cloud, or doesn’t have the time/budget necessary to do so, security gaps are often a result. So, what are the most common security gaps that are created once you migrate your company’s sensitive data to the cloud?

The good news is that you don’t have to try and answer that question on your own. Our goal as a CASB (Cloud Access Security Broker) is to enable you to secure and watch over your SaaS applications. 

This 4 part blog series will teach you how to protect your company’s data now that it’s in the cloud (and probably save your IT security team from a few sleepless nights in the process). In this post we’ll be discussing identity sprawl.

Now, lets talk about these pesky SaaS holes... 

The Hole: Identity Sprawl

password security


PAUSE: Before you read any further, close your eyes and think of all the different passwords you have to remember (seriously…do this). You’ve got email, a bazillion work apps, banking app, social media apps, ESPN Fantasy Football (good luck this season BTW) apps, and probably a million others.

One of the biggest issues with most cloud apps (Office365 being a major one) , is that they aren’t integrated well with existing corporate identity systems by IT (who is often strained by lack of time of budget). This means that instead of making things easier for your employees, you end up adding to the endless list of passwords that they need to remember.

Employees with too many passwords are more likely to reuse the same passwords over and over again (you know we’ve all done this). Some of us even resort to writing all of our passwords down on sticky notes. These bad practices end up increasing the likelihood of having passwords compromised, increasing the attack surface that enterprises need to secure.


The Fill: Single Sign-On

Single sign on

So, what can you do to ensure identity sprawl doesn’t occur at your company?

Deploy a single sign-on (or SSO) system so that your employees only have one password to remember and manage. This will drastically decrease your attack surface (this process is called surface reduction). The system is exactly what it sounds like, one password for all of your cloud applications.This also makes it easy to remove access to mission critical applications if an employee ever leaves the company. Simply de-activate them from Active Directory and wallah, no more access.

Stay tuned for my next post in this series. I will be discussing how to monitor and manage suspicious activity. In the meantime, follow @Bitglass to stay up to date with what’s going on in cloud and mobile security! 



Chris is a Product Marketing Manager at Bitglass. Be sure to engage with him @Bitglass and @cchines



see all