The prevalence of available application programming interfaces (APIs) is a major benefit to security teams in organizations that are heavy consumers of software-as-service (SaaS), as it opens up more opportunities to replace manual work done in a bespoke dashboard or tool interface with scriptable, programmatic work.
However, integrating with each API requires significant engineering resources, something often unavailable to an already overloaded security team. A SaaS control plane, which is used to manage data in apps, creates the opportunity to abstract away the complexity of individual APIs and centrally manage security policies, controls, access, and visibility.
Centralized Management
In many contexts, technology can be scaled by centralizing and standardizing. The abstraction layer provided through a SaaS control plane can be a powerful force multiplier for security teams that are being asked to work with more and more SaaS solutions, stay up to date on compliance, enable business outcomes, and protect a wide range of applications and data.
Authentication and authorization are a big part of this. Consider the risk scenario where users’ access is left enabled following their departure from an organization. Data exposure, unauthorized configuration changes, bad PR, failed compliance audits — there’s a lot of bad that can come from this seemingly simple oversight. Having the ability to connect identity management tooling with SaaS and then report on possible deviations helps manage that possible risk.
Automation
A control plane can open up opportunities to automate many security-related tasks, such as configuration assessments, on-boarding and off-boarding users, and alert routing. Security teams are so often in a position of having more work to do than they had planned for, making managing one’s time and priorities a top priority. Automation is a force enabler. When security teams are enabled in this way they, in turn, can work to enable other parts of an organization.
Automation also drives consistency. When it comes to security, consistency and predictability are huge benefits. A significant percentage of data breaches relating to cloud resources tie back to misconfiguration in some way, shape, or form. Automation reduces and, in some cases, removes the potential for human error, which is an overall win for risk management.
Visibility
A security control plane provides a central point of visibility into the security of a network or system. This benefit extends to the SaaS ecosystem, which can produce visibility into the state of security controls, users, and activity occurring within a given solution. SaaS solutions don’t expose their underlying infrastructure and application logs. But in many cases, you can get access to tenant-specific activity occurring within your organization’s account.
Often these activity logs are kept within the solution’s web interface, making it difficult for a security team to analyze those logs alongside of other log sources. When SaaS providers expose the API endpoints for tenant logs, it enables teams to collect and centralize these logs. With that done, they can be used to support several security-focused use cases:
- Real-time alerting as part of a broader detection and response capability
- Post-breach or incident analysis
In both cases, having logs centralized is essential and time/speed is of the essence.
Compliance
Compliance is sometimes considered a dirty word in cybersecurity. But the truth is that it drives much of what happens in the industry. An API-centric SaaS control plane can be leveraged to produce verifiable reports on security controls in the context of compliance frameworks. This can streamline the security team’s time to respond to audits and vendor risk assessments. Both of these activities are traditionally big drains on a team’s time and focus as they’re often really important, time-sensitive, and tedious.
Concluding Thoughts
APIs in this context are already a game changer for security teams. Abstracting them away with a control plane and standardizing is an even bigger one. The more SaaS presence within an organization, the bigger the impact. All of this work moves security teams in the direction of less overhead and faster time to implement new ideas, workflows, and security controls. For teams that are almost always working against a backdrop of staff and budget shortages, this technology can deliver substantial benefits.
