Let’s get SaaS-y

Chris Chong
Published in SafeStack
May 12, 2017

Understanding which SaaS tools to prioritize for security monitoring is a key step towards maximizing the benefits of Dfend.

With Dfend’s new free plan comes monitoring for three SaaS products and one domain name. For lots of people, that’s enough. But if you’re like me and super connected to the internet, this might get a little tricky. The following is a list of SaaS products that I use on a regular basis:

  • G Suite — Gmail, Google Calendar, Google Drive, etc.
  • Dropbox
  • Facebook/Facebook Messenger
  • Twitter
  • Instagram
  • Snapchat
  • Slack
  • WhatsApp
  • Skype
  • YouTube

And that’s just some of the SaaS services that I use for my personal life.

So which cloud tools should I monitor to maximize value on Dfend’s free plan?

There is no such thing as a one-size-fits-all solution. You can’t sprinkle on magic unicorn dust, flip a switch and say “I’m safe now”, because the services that are most important to you depend on your individual circumstances. This concept is known as threat modeling in the IT security world, and we will explore two of its overarching points in this post.

#1: Prioritize by your weakest link

That starts with you: your awareness of information security, your alertness to potential breaches in your personal security, and the steps you take to ensure that you’re equipped to handle any security issues that might arise.

See, you could own a McLaren F1 supercar, but even a car with that level of engineering can’t prevent you from crashing (it’s also not going to help you prevent theft if you can’t understand your vendor’s security disclosures). Similarly, you can have all the sophisticated security jazz, but if you don’t take basic security measures like strong passwords, multi-factor authentication, etc., you’re still going to be an easy target for a breach.

The other thing that you should keep an eye on is your email account. Most people receive tons of sensitive information in their inbox. It also holds access to other services that you use (think password reset), making it a pretty tempting target for scammers. You want to make sure that your email account is secure. I would personally place my email service provider as the top priority among the SaaS technologies for Dfend to monitor.

#2: What holds the most sensitive data?

If you’re using services like Dropbox or Facebook, your accounts might hold tons of personal information that you want to keep private, so prioritize those for monitoring.

Bear in mind that large SaaS providers generally do have rather robust testing protocols for releasing a new product. If you’re monitoring these SaaS services, you might notice that you barely get any alerts, if at all. But when a breach does occur, it has the potential to impact a large number of users or have severe consequences. So it’s still important for you to keep an eye on those services.

Case in point — Google just had an incident with a large-scale phishing campaign. They addressed it really quickly, but it was still reported to have affected 0.1% of Gmail users. That might not sound like much, but in Google’s case, it equates to over 1 million users who may have been hit by one of these emails. It’s a good reminder that even established cloud service providers are susceptible to risk (some might argue that they are more prone to attacks!), and that it can be difficult to spot a scammer!

So there you have it. We hope these tips give you a better idea of how to choose which technologies to monitor. Say hello@dfend.io if you have any suggestions or questions on what you should be monitoring! And if you haven’t already:

Fully-functional free accounts. No credit card required.

If you’re juggling too many SaaS tools to pick just three, do consider upgrading to our Starter Plan ;)

Note: Hey companies — If all these micro decisions are boggling your brain because you have to whittle through 200 SaaS products to see which is most useful for monitoring, give us a shout. We’ll shout you back with two weeks of Unicorn to trial. You’re welcome.

Chris Chong
SafeStack

Minion hustler at SafeStack.io, makes fluffy things logical, enjoys fixing stuff and kicking things in her spare time.