How to Think About SaaSOps Security: It All Starts with User Interactions
January 7, 2020
This article is excerpted from BetterCloud CEO David Politis’s new book, The IT Leader’s Guide to SaaSOps (Volume 2): How to Secure Your SaaS Applications.
User interactions are the actions your users are taking to get work done—the processes they’re performing inside SaaS apps, the people they’re interacting with, and the data they’re interacting with. It’s how they’re using SaaS apps, which is at the heart of SaaSOps.
My definition of an interaction is:
interaction (noun): a user’s activity in relation to other users, data, and devices.
Work in the digital workplace is being done through interactions today. Yes, you use devices and SaaS apps to get your job done, but devices are merely access points—a way to get on the internet (and, by extension, to SaaS apps). The actual work—the activity you engage in to achieve a result—occurs through interactions within those apps.
Examples of interactions: who and what you interact with
Here are some examples (some riskier than others) of how people interact in the digital workplace.
Interactions with users:
- You send a Google Drive file to an intern in Slack.
- You share a PDF in SharePoint Online with a part-time designer.
- You share a spreadsheet in Dropbox with a competitor.
- You email a confidential financial report through Outlook to an employee in the sales department.
- You share a roadmap in Google Drive with a former colleague.
- You assign an Office 365 license to a new employee.
- You share a SoW in Box with a partner.
- You invite an external copywriter to join the product launch team in Microsoft Teams.
- You make a Help Desk Admin a Super Admin in G Suite.
Interactions with data objects:
- Files
  - You export 200 reports (.csv) from Salesforce in one day.
  - You download physician’s treatment logs (.docx) and photos (.jpg) from Dropbox.
  - You upload an executable file (.exe) to OneDrive.
  - You delete a Google Drive folder containing assembly line schematics.
  - You export an employee compensation summary report (.pdf) from Workday.
  - You email an RFP (.pdf) to an agency using Outlook.
  - You open a spreadsheet (.xlsx) containing employee bank account numbers and Social Security numbers.
- Folders. You download an entire folder of contracts from SharePoint Online.
- Calendars. You share an editorial calendar in Google Calendar with the sales team.
- Slack channels. Your PR contractor, a Single-Channel Guest in Slack, joins the #pr channel.
- Groups. You create a new public Office 365 group that anyone in the company can view and join.
- Permissions. You edit dashboard permissions in Splunk.
- Tickets. You submit an incident report in ServiceNow that then gets assigned to a support agent.
- Emails. You create a filter in Gmail that automatically forwards any work email containing the words “sales leads” to your personal Gmail account.
- Surveys. You create a customer survey in SurveyMonkey that has a public link.
- Meetings. You join a Zoom meeting with a customer.
- Trello boards. You keep track of feature requests on a public Trello board.
- GitHub repositories. You upload and commit an existing file to a GitHub repository.
- Applications
  - You add 30 apps to your company app catalog in OneLogin for SSO.
  - You create your own custom app to streamline resource allocation.
  - You download the Pokémon Go app (a third-party app) using your work credentials.
Interactions with devices:
- Laptops. You wipe a MacBook Air using Jamf.
- Mobile devices. You automatically install security policies and Wi-Fi settings on corporate-owned iOS devices using AirWatch.
- Interactive whiteboards. You sketch and co-edit a flowchart in real time using a Cisco Webex Board.
- Echo devices. You sit in a conference room and say, “Alexa, join my meeting.” Alexa finds the upcoming meeting on your calendar, turns on the video conferencing equipment, and connects you to the meeting.
- VoIP phones. After a call ends, voice AI automatically detects and displays action items or next steps mentioned during the call.
In our next blog post, we’ll discuss why securing user interactions is critical for SaaSOps.