Backup as a Service
Backup as a Service

Secure Your SaaS: Best Practices for Resilience and Visibility

April 8, 2024

In today's increasingly complex and cloud-driven world, organizations face a challenging balancing act: cut costs and deliver operational excellence while defending against persistent cyber threats. A recent webinar hosted by HYCU and Okta delved into strategies for SaaS resiliency, focusing on gaining complete visibility and protection across cloud-based environments.  

The Expansion of the Attack Surface

As Mark Nijmeijer from HYCU pointed out, the average midsize organization now uses around 200 SaaS services. While cloud adoption and SaaS proliferation enable business agility, they have also drastically expanded the potential attack surface. Only about half of SaaS services are centrally managed by IT, meaning many applications containing sensitive data fly under the radar. Lack of visibility is the core issue - you can't protect what you don't know about.

Identity as the Critical Security Layer

In an IT landscape that has evolved far beyond the traditional perimeter-based model, identity has become the essential security layer. Okta's Aakash Chandhoke explained how their identity platform integrates access management, identity governance, and privileged access management to safeguard every user, device, and resource. As the "front door" to the datacenter that now spans multiple clouds, identity is now mission-critical infrastructure. Any identity-related disruptions or breaches can grind productivity and revenue to a halt.

The “front door” security must be managed in combination with other security measures, including physical security, network security, and employee training and awareness

Architecting for Trust and Resilience

To reliably handle billions of monthly authentications, Okta has engineered their platform with an “always on” architecture that is secure by design and built for scale. Their active-active-active approach leverages multiple availability zones within each region for fault tolerance. For disaster scenarios, Okta provides standard recovery (1 hour RPO/RTO) and enhanced disaster recovery with faster 5-minute failover.  

Customer Responsibilities with SaaS and Cloud

Still, some responsibilities fall to the customer under the shared responsibility model. Cloud and SaaS providers like AWS, Atlassian and Okta can't restore accidentally- or maliciously-deleted objects like users or policies in individual customer tenants. This is where third-party backup solutions come in. But before customers begin protecting SaaS and cloud apps, they need to understand how many SaaS apps are being used across their organization – even outside of IT.

Bringing Okta Discovery to Life – Visualize your data estate  

HYCU's R-Graph tool builds on data from the Okta Integration Network to provide a visual map of an organization's SaaS estate, highlighting any unprotected applications. This enables quick identification of gaps and brings Okta discovery to life.  

R-Graph gives organizations:

  • A visual discovery of their data estate  
  • Categorization of their cloud and as-a-service applications by department
  • Visibility of SaaS apps vulnerable to data loss and disruption without any backup capabilities
  • Continuous monitoring of compliance and protection status

Layering in HYCU's R-Cloud solution allows automated, policy-based protection of Okta itself and the discovered cloud services.  

R-Graph solution visual
R-Graph solution visual

Key Takeaways and SaaS Backup Best Practices

Once you’ve discovered your SaaS data estate, it’s time to protect critical applications. When configuring cloud backups, follow these best practices:

  • Aligning backup policies (defining RPO and RTO) with SLAs dictated by the business for the applications that are in use  
  • Enabling data-at-rest encryption and write once, read many (WORM) policies to safeguard backups against deletion or encryption attempts.
  • Leveraging your own storage for data sovereignty and control
  • Using identity-based access controls to limit permissions and reduce scope

As underscored throughout the session, robust SaaS data protection relies on several key pillars:

  1. Maximizing discovery and visibility  
  1. Deploying strong identity-based access controls
  1. Designing a multi-layered security approach  
  1. Ensuring data resiliency with secured, immutable backups
  1. Gaining peace of mind through tested and reliable recovery

While cyber risks continue to evolve, organizations that prioritize these best practices will be well-positioned to mitigate data loss, comply with regulations, and swiftly respond to adversity. Leveraging trusted platforms like Okta and HYCU is a powerful step toward building a resilient, always-on SaaS environment.

Remember, in today’s complex IT infrastructure, it’s not anymore IF you will experience a cyber attach, it is WHEN.  

Interested in learning more?

Author: Mark Nijmeijer, Senior Director, Product, HYCU

Follow us

Get started today

Seriously, you really need to experience HYCU to believe it.