Before Blaming Hackers, Check Your Configurations

Improving configuration management in Software-as-a-Service (SaaS) applications can reduce the risk of data loss and phishing campaigns and help prevent breaches. How can the IT team put up guardrails for users?

Defaults Make Life Easy--for Hackers
Widely-used cloud platforms, such as Office 365 from Microsoft or G-Suite from Google, are often administered by IT professionals tasked with all aspects of configuration; security is not their primary focus.

As with most SaaS, the default settings are tuned to empower end-users with full control over collaboration and data access. These defaults also often weigh easy access and usability over better security.

At the same time, these desirable capabilities provide ample exposure to end-users’ mistakes that lead to data and security breaches. Revisiting those defaults can go a long way toward improving security.

With that in mind, it’s no surprise that Gartner predicts that “through 2023, at least 99% of cloud security failures will be the customer’s fault.” As Gartner emphasizes, organizations often lack the knowledge, budget, or sense of urgency to optimize their cloud security. Hackers know that cloud assets are more uniformly configured and share the same default settings, making each exploit relevant to huge numbers of organizations. 

Breaches That Start with Misconfigurations
Some large-scale data breaches have been due to public file shares, unencrypted data, compromised accounts and weak password settings. 

In many of these cases, the default settings--for example, the unlimited ability to share data outside the organization--are partly to blame for the breach.

On top of this, SaaS providers continuously (and sometimes drastically) update their environments with new features. Such updates focus on backward compatibility and smooth upgrades, not on security. Since SaaS upgrades are ‘pushed,’ few admins have visibility into when they arrive, or enough time to master the related security configurations before they go live.

Another issue is changes to the security management itself. For example, in an effort to provide better security in Office 365, Microsoft moved and changed most security configurations into the updated Security & Compliance Center. This change presents ongoing challenges to staying on top of cyber threats.

The Small Inconvenience That Pays Big Dividends 
Many organizations see a constant flow of credential harvesting phishing attacks. Those using Office 365 in particular have reported an uptick in compromised accounts. 

While security-conscious firms may have opted for multi-factor authentication (MFA) enforcement and password strength requirements, a must-have in the age of SaaS, these are not among the “out of the box” settings. 

Setting up MFA is not straightforward. For example, in Office 365, Microsoft offers two separate solutions (ADFS and Azure AD). Moreover, important configurations such as disabling legacy authentication, login monitoring, and conditional access are often never explored.
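As an added example (not part of the original article), the following PowerShell first audits and then tightens two of the defaults discussed above: external sharing in SharePoint Online and legacy (basic) authentication in Exchange Online. It assumes the Exchange Online and SharePoint Online management modules are installed, that the signed-in account holds the relevant admin roles, and that "contoso" is a placeholder tenant name.

```powershell
# Added example: audit, then tighten, two Office 365 defaults discussed in the article.
# Assumes the ExchangeOnlineManagement and Microsoft.Online.SharePoint.PowerShell
# modules are installed and the signed-in account holds the relevant admin roles.
# "contoso" is a placeholder tenant name.
$Tenant = 'contoso'

Connect-ExchangeOnline
Connect-SPOService -Url "https://$Tenant-admin.sharepoint.com"

# --- Audit: report the current values before changing anything ---
$exo = Get-OrganizationConfig
$spo = Get-SPOTenant
[PSCustomObject]@{
    ModernAuthEnabled      = $exo.OAuth2ClientProfileEnabled
    DefaultAuthPolicy      = $exo.DefaultAuthenticationPolicy
    ExternalSharing        = $spo.SharingCapability        # tenant-wide sharing default
    DefaultSharingLinkType = $spo.DefaultSharingLinkType
} | Format-List

# --- Tighten: run these lines only after reviewing the audit above ---
# 1. Legacy authentication: a new authentication policy blocks basic auth for
#    every protocol unless an -AllowBasicAuth* switch is set, so creating one
#    with no switches and making it the tenant default turns off legacy auth
#    for all users who have no per-user policy assigned.
if (-not (Get-AuthenticationPolicy -Identity 'Block Basic Auth' -ErrorAction SilentlyContinue)) {
    New-AuthenticationPolicy -Name 'Block Basic Auth' | Out-Null
}
Set-OrganizationConfig -OAuth2ClientProfileEnabled $true `
                       -DefaultAuthenticationPolicy 'Block Basic Auth'

# 2. External sharing: replace the permissive default with sharing limited to
#    guests already in the directory, and make new links internal-only by default.
Set-SPOTenant -SharingCapability ExistingExternalUserSharingOnly `
              -DefaultSharingLinkType Internal

Disconnect-ExchangeOnline -Confirm:$false
Disconnect-SPOService
```

Re-run the audit block after the change (and after each vendor feature push) to confirm the values have not drifted back toward the defaults.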

Staying Ahead of the Hackers  
There are many additional configurations that help decrease the attack surface. Some areas of interest are mail flow rules, spam rules, and threat protection policies. At the same time, attack vectors constantly change, and SaaS providers constantly add security features.

These are often not activated by default, and IT managers must continually train themselves and explore new features and configurations as those platforms continue to evolve.

By educating themselves on configurations across platforms, admins can better understand the impact of tuning on threat management. This knowledge can be gained, for example, by reviewing release notes and periodically visiting the SaaS vendors’ security centers.

When it comes to securing cloud-based collaboration environments, revisiting defaults, periodic review, and thoughtful selection of configurations are the first step towards a more secure SaaS. Good configuration is good security!
