December 4, 2023 at 06:54AM
During the end-of-year period, it’s crucial to review and adjust SaaS application user roles and permissions, ensuring only necessary access is retained, and offboarded users are removed. This process, including the right-sizing of permissions and elimination of dormant accounts, enhances security and saves on licensing fees. Using a SaaS Security Posture Management (SSPM) platform can automate user monitoring and management, making the process more efficient.
Meeting Takeaways:
1. **Review User Roles and Privileges:**
– Capitalize on the end-of-year slowdown to examine user roles and privileges.
– Remove unnecessary access and trim permissions to save on license fees and enhance security.
2. **Dealing with Offboarded Users:**
– Automatic deactivation via the company’s identity provider (IdP) and single sign-on (SSO) does not cover all SaaS applications.
– Manual deactivation or deletion from SaaS apps is necessary, especially for high-privilege users and apps not connected to SSO.
3. **Guidance on Permission Levels:**
– Implement the principle of least privilege (POLP) to align access with job needs.
– Use group functionality for standardizing permissions where possible.
– Conduct a thorough review of individual user permissions and adjust accordingly.
4. **Eliminate Dormant Accounts:**
– Identify and address risks associated with admin accounts, unused internal accounts, and unused external accounts.
– Disable or cancel accounts that pose a security risk.
5. **Prevent Account Sharing:**
– Discourage the use of shared usernames, which compromise security.
– Implement measures such as MFA and SSO to prevent account sharing.
– Use user behavior analytics and IP address monitoring to detect shared accounts.
6. **Automate User Monitoring with SSPM:**
– Consider adopting a SaaS Security Posture Management (SSPM) platform to automate monitoring and management tasks.
– Use SSPM to swiftly identify inactive users, external users with high privileges, and users removed from the IdP.
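The checks from items 4 to 6 above (dormant accounts, internal users who no longer exist in the IdP, external users holding admin roles, and sign-ins from many distinct IP addresses suggesting a shared account), as an added Python example; this is not code from the article or from any SSPM product, and the user export, IdP list, internal domain and thresholds are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample of a SaaS app's user export (hypothetical, not real data).
SAAS_USERS = [
    {"email": "alice@example.com", "role": "admin", "last_login": "2023-11-30",
     "ips": {"203.0.113.5"}},
    {"email": "bob@example.com", "role": "user", "last_login": "2023-07-01",
     "ips": {"203.0.113.9"}},
    {"email": "carol@example.com", "role": "user", "last_login": "2023-11-28",
     "ips": {"203.0.113.5"}},
    {"email": "dave@partner.org", "role": "admin", "last_login": "2023-11-20",
     "ips": {"198.51.100.2"}},
    {"email": "shared@example.com", "role": "user", "last_login": "2023-12-01",
     "ips": {"203.0.113.1", "203.0.113.2", "198.51.100.7", "192.0.2.8"}},
]
# Constructed sample of active users in the IdP: bob has been offboarded there.
IDP_USERS = {"alice@example.com", "carol@example.com", "shared@example.com"}
INTERNAL_DOMAIN = "example.com"  # assumed company domain


def review_users(saas_users, idp_users, today, dormant_days=90, ip_threshold=3):
    """Return the four finding lists an end-of-year access review looks for."""
    findings = {"dormant": [], "not_in_idp": [], "external_admin": [], "possible_shared": []}
    cutoff = today - timedelta(days=dormant_days)
    for u in saas_users:
        email = u["email"]
        internal = email.endswith("@" + INTERNAL_DOMAIN)
        # Dormant: no sign-in within the review window.
        if datetime.strptime(u["last_login"], "%Y-%m-%d") < cutoff:
            findings["dormant"].append(email)
        # Offboarded in the IdP but still present in the app (SSO did not remove it).
        if internal and email not in idp_users:
            findings["not_in_idp"].append(email)
        # External user with high privilege.
        if not internal and u["role"] == "admin":
            findings["external_admin"].append(email)
        # Many distinct source IPs is a crude shared-account signal to follow up on.
        if len(u["ips"]) >= ip_threshold:
            findings["possible_shared"].append(email)
    return findings


def run_review():
    # Fixed review date so the sample gives stable results.
    return review_users(SAAS_USERS, IDP_USERS, datetime(2023, 12, 4))


if __name__ == "__main__":
    for kind, users in run_review().items():
        print(f"{kind}: {users}")
```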
**Next Steps:**
– Download the Offboarding Guide for detailed steps on offboarding employees from SaaS applications.
– Consider following the company on Twitter and LinkedIn for more updates.
Remember, the goal of these actions is to start the new year with a secure, well-managed user list for all SaaS applications in use.