What Is SaaS Security Posture Management?
One of the newest CSPM tools is SaaS Security Posture Management, which applies specifically to SaaS applications. With SSPM, organizations can be more confident in their adoption of popular SaaS applications such as Microsoft 365 and Zoom, says Colby Proffitt, a cybersecurity strategist and director of public sector marketing at Netskope.
“The most common form of cloud security failure can be traced to a misconfiguration of some kind,” says Proffitt. “To complicate matters further, across the wide array of SaaS applications on the market — and there are more than 40,000 — there exists no standardized mechanism for configuring security features or even a standardized vocabulary to describe them.”
By using SSPM, “organizations can verify they have configured the application correctly and securely, and ensure their configuration is aligned with best practices and in compliance with well-known regulations. If any issues are found, SSPM also assists with the remediation,” he says.
The Education Sector Is at High Risk for Cyberattacks
Proffitt says K–12 schools tend to be more vulnerable to misconfigurations than other organizations because they have limited budgets and IT resources.
“Schools might not necessarily see themselves as a high priority for cybersecurity attackers, but when we look at the problem of ransomware, schools are actually the No. 2 targeted sector, after hospitals,” says John Yeoh, global vice president of research at Cloud Security Alliance.
Schools are particularly vulnerable to cyberattacks and data breaches, says Yeoh, because they have less funding for security and a lot of sensitive data with financial value, including students’ Social Security numbers and financial accounts tied to teachers’ pensions.
“If you look at students in K–12, these are young kids who haven’t established any credit histories yet, and of course, no one’s checking their credit histories regularly, so they are prime targets for fraudulent financial activities,” he says.
K–12 schools are also vulnerable to security breaches from disgruntled students who are looking to change grades or disrupt school operations. “There’s a lot at stake,” says Yeoh.
SSPM Can Help K–12 Schools Save Time and Money
The shift to remote learning due to the pandemic led to an explosion of new SaaS products in K–12 education, and schools are continually adding SaaS applications to their IT systems. If a school has SSPM in place, it’s easy to automate and scale the technology to accommodate new applications. However, while SSPM is trending as a cutting-edge technology, many school districts aren’t currently considering this solution.
“SSPM is still a fairly new technology, so it’s not widely adopted by K–12,” says Proffitt. “Schools are typically budget- and personnel-constrained, which would naturally place investigation of a new technology like SSPM at a low priority.”
But Proffitt says K–12 schools should consider SSPM because the technology will ultimately reduce costs and could offer bandwidth to IT teams that are stretched thin.