From communication tools to order management and fulfillment systems, much of today’s critical retail software lives in SaaS apps in the cloud. Keeping those applications secure is critical to ongoing operations, chain management and business continuity.
Breaches in retail cause seismic shocks. Ten years later, many people still remember the national retailer whose 40 million credit card records were stolen. Those attacks have continued. Last year saw 629 cyber security incidents in the region, according to Verizon’s data breach investigation report. Clearly, retailers need to take concrete steps to secure their SaaS stacks.
And yet, securing applications is complicated. Retailers tend to have multiple tenants of apps, leading to confusion as to which instances of the application were already secure and which are vulnerable to attack. They also have high employee turnover rates, and they provision employees quickly when they move on to other opportunities.
Learn how you can secure your entire SaaS stack with an SSPM solution.
A Wrench in Operation
When most organizations discuss SaaS security, the concern is protecting data. Although the same is true for retailers, many retailers have integrated their operations with SaaS apps. ServiceNow has reimagined the retail experience, enabling retailers to better resolve issues, manage their supply chains, and streamline operations.
The risk in such apps would be disastrous for the retailer. They may lose visibility and control of their entire supply chain, ordering system and franchise support platform. This is not an inconvenience; Now that many retailers have completed their digital transformation, they must secure applications that make power operations a top priority.
Multiple App Instances
Retailers use multiple tenants of the same app to manage different regions within the chain and different product lines across the chain. Consider a scenario where a retailer has fifty different instances of a CRM or ticketing system. Each tenant should be secured independently, following the retailer’s guidelines.
While some examples of that application are undoubtedly secure, others present themselves as a black hole where no one in the company really knows what’s going on. Some instances may have SSO, require MFA, and provide limited role-based access, while other instances may allow all users to login locally with only one factor.
Controlling Access Governance in a High Turnover Industry
According to the US Chamber of Commerce, nearly 70% of all retail jobs are vacant, and surveys show that 74% of retail workers plan to change jobs this year. Those numbers indicate a transient workforce that requires rapid onboarding and even faster deprovisioning from company SaaS applications.
Many of these processes are automated. However, SaaS applications that are not integrated with the company’s Identity Provider (IDP) software retain employees’ access to those apps. Additionally, employees with local access to apps often lose the ability to login with SSO but are still able to log into apps directly.
As part of any retail SaaS security program, attention should be paid to former employees. Revoking access immediately helps reduce the potential for data leaks, breaches, and other cyber attacks.
Securing the Complete Retail SaaS Stack
SaaS Security Posture Management (SSPM) enables companies to measure the risk of their SaaS applications and take the necessary steps to secure the stack. SSPMs monitor each tenant of the application independently in a single pane of glass, enabling security teams to identify less protected applications and take necessary steps to prevent unauthorized access. To further enhance security, SSPMs help users find the safest tenant and use this as a baseline to secure other tenants.
SSPM also monitors users. It can perform user discovery to identify those that need to be provisioned, and guide the security team on how to best remove access. Meanwhile, SSPM’s threat detection capabilities can issue alerts when threat actors have breached the application.
By implementing an SSPM program, retailers can control and protect their SaaS stack, and leverage their digital transformation.