Brick-and-mortar retailers and e-commerce sellers may be locked in a fierce battle for market share, but one area the two can agree on is the need to secure their SaaS stacks. From communication tools to order management and fulfillment systems, most of today’s essential retail software resides in SaaS applications in the cloud. Securing those applications is critical to ongoing operations, chain management, and business continuity.
One retail breach in particular sent out seismic shockwaves. Ten years later, many still remember the national retailer that had 40 million credit card records stolen. The attacks have continued. Verizon’s Data Breach Investigations Report looked at 629 cybersecurity incidents in the sector last year. Clearly, retailers must take concrete steps to secure their SaaS stack.
However, securing apps is tricky. Retailers tend to have multiple app tenants, leading to confusion about which instances of an app are already secured and which are vulnerable to attack. They also have high employee turnover rates, and must revoke employees' access quickly when they move on to other opportunities.
Multiple Application Instances
Retailers tend to use multiple tenants of the same application to manage different regions in the chain and different product lines across the chain. Consider a scenario where a retailer has fifty different instances of a CRM or ticketing system. Each tenant must be secured independently, following the retailer’s guidelines.
While some instances of the app are unquestionably safe, others present themselves more as black holes, where no one in the company really knows what’s going on. Some instances may have SSO, require MFA, and provide restricted role-based access, while others may allow all users to log on locally with only one factor.
A Wrench in Operations
When most organizations discuss SaaS security, the concern is data protection. While that also applies to retailers, many retailers have also tied their operations to SaaS applications. ServiceNow has reimagined the retail experience, enabling retailers to better solve problems, manage their supply chains and streamline operations.
A breach of an application like this would be catastrophic for the retailer. They can lose visibility and control over their entire supply chain, order system and franchise support platform. This is not a mere inconvenience; now that many retailers have completed their digital transformation, they must make securing the applications that support operations a top priority.
Controlling Access Governance in High Turnover Industries
According to the US Chamber of Commerce, nearly 70% of all retail jobs are unfilled, and surveys show that 74% of retail workers plan to switch jobs this year. The figures represent a transient workforce that requires fast onboarding and even faster revocation of access to enterprise SaaS applications.
Many of these processes are automated. However, SaaS applications that are not integrated with the enterprise Identity Provider (IdP) are not covered by that automation, so employees retain their access to those applications. Additionally, employees with local access to apps often lose the ability to sign in with SSO but can still sign in to the apps directly.
As part of any retail SaaS security program, attention must be paid to former employees. Revoking access immediately helps reduce the possibility of data leaks, breaches, and other cyber attacks.
Protecting the Full Retail SaaS Stack
SaaS Security Posture Management (SSPM) enables enterprises to measure risk on their SaaS applications and take the necessary steps to secure the stack. SSPM monitors each application tenant independently within a single pane of glass, enabling security teams to identify poorly protected applications and take the necessary steps to prevent unauthorized access. To further enhance security, SSPM helps users find the safest tenants and use them as a baseline for securing other tenants.
SSPM also monitors users. It can review user accounts to identify those whose access needs to be revoked, and guide the security team on the best way to remove that access. Meanwhile, SSPM’s threat detection capabilities can issue a warning when a threat actor has breached an application.
By implementing an SSPM program, retailers can control and protect their SaaS stack, and take advantage of the benefits that come from their digital transformation.
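The two checks described in this section, comparing every tenant against the safest one and finding departed users who still hold accounts, can be sketched as follows. This is an added example, not code from the article or from any SSPM product; the tenant names, setting keys, users and IdP list are constructed assumptions.

```python
"""Tenant drift and leaver audit over constructed data (not a vendor API)."""

# Hardened value for each setting the article names (SSO, MFA, local login, RBAC).
HARDENED = {"sso_enforced": True, "mfa_required": True,
            "local_login_allowed": False, "rbac_restricted": True}

# Constructed sample: three tenants; "users" maps email -> has a local password.
TENANTS = {
    "crm-east": {"sso_enforced": True, "mfa_required": True,
                 "local_login_allowed": False, "rbac_restricted": True,
                 "users": {"ana@example.com": False, "raj@example.com": False}},
    "crm-west": {"sso_enforced": True, "mfa_required": False,
                 "local_login_allowed": True, "rbac_restricted": True,
                 "users": {"ana@example.com": False, "sam@example.com": True}},
    "crm-outlet": {"sso_enforced": False, "mfa_required": False,
                   "local_login_allowed": True, "rbac_restricted": False,
                   "users": {"kim@example.com": True, "raj@example.com": True}},
}
# Constructed IdP directory: accounts that belong to current employees.
IDP_ACTIVE = {"ana@example.com", "kim@example.com"}

def score(cfg):
    """Number of settings that match the hardened value."""
    return sum(cfg[k] == v for k, v in HARDENED.items())

def baseline_tenant(tenants):
    """Name of the best-configured tenant, used as the reference."""
    return max(sorted(tenants), key=lambda name: score(tenants[name]))

def drift(tenants):
    """Per tenant, the settings that differ from the baseline tenant."""
    ref = tenants[baseline_tenant(tenants)]
    return {name: sorted(k for k in HARDENED if cfg[k] != ref[k])
            for name, cfg in tenants.items()}

def leavers_with_access(tenants, idp_active):
    """(tenant, user, can_log_in_directly) for users the IdP no longer lists."""
    return [(name, user, has_pw and cfg["local_login_allowed"])
            for name, cfg in sorted(tenants.items())
            for user, has_pw in sorted(cfg["users"].items())
            if user not in idp_active]

if __name__ == "__main__":
    print("baseline:", baseline_tenant(TENANTS))
    for tenant, keys in drift(TENANTS).items():
        print(tenant, "drift:", keys or "none")
    for finding in leavers_with_access(TENANTS, IDP_ACTIVE):
        print("revoke:", finding)
```

A finding whose last field is True is the case the article warns about: the IdP no longer lists the user, yet a local password on a tenant that allows local login still works.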