CISA Demands Federal Agencies Secure SaaS Apps. Here’s How to Get it Right.
The Cybersecurity and Infrastructure Security Agency (CISA) recently issued a new directive requiring federal agencies to strengthen security across their Microsoft 365 SaaS environments. Although it has so far finalized secure configuration baseline (SCB) requirements only for Microsoft 365, it plans to release SCBs for Google Workspace and other SaaS applications in 2025.
CISA’s directive comes in response to a wave of breaches exploiting misconfigured SaaS environments and inadequate security measures, like accounts configured without multi-factor authentication (MFA). As agencies scramble to meet these requirements, the broader message for all organizations—public and private—is clear: securing SaaS ecosystems is no longer optional; it’s essential.
At Reco, we believe effectively securing SaaS applications like Microsoft 365 requires securing the entire SaaS lifecycle – from SaaS deployment through scaling, and beyond. Here’s what it takes:
1. Discover All Your SaaS Applications
The first step to securing SaaS applications is understanding what you’re working with. The average organization operates with 490 SaaS applications, such as Microsoft 365, Salesforce, Slack, Snowflake, and more. But out of these 490, only 229 are authorized by IT, leaving on average hundreds of apps unauthorized and unmonitored. Without security oversight, SaaS applications are often deployed with weak security settings, like reused passwords, overly permissive roles, or a lack of MFA. These applications may also integrate with business-critical applications, like Microsoft 365, creating an attack vector for threat actors to exploit and gain access to sensitive data.
The Reco platform uses advanced AI-based graph technology to discover all SaaS applications across your organization—both authorized and unauthorized. It uncovers 3rd-party apps, shadow applications being used by employees, and also shadow AI applications, including AI assistants and copilots that may be embedded into approved business tools.
→ Read Next: How Reco Discovers Shadow SaaS Applications and Shadow AI (Blog)
2. Gain Visibility into Your SaaS Ecosystem
SaaS ecosystems contain hundreds, sometimes thousands, of apps. Add into the mix all the app-to-app connections, identities, and permissions and you gain a picture of a highly complex web that is impossible to track manually. Most security teams are sending event logs to their SIEM or SOAR from a handful of core apps, but what about all the other apps that are not being monitored?
Reco provides visibility into every app, identity, and their actions so Security teams can understand what’s going on and remediate risks. The knowledge graph offers insight into who has access to what, how they’re authenticating, what permissions they have, and what actions they’ve taken.
3. Unify Identities Across SaaS Applications
SaaS environments are made up of disparate applications, each with its own unique security settings. They’re owned and managed by various business departments across the organization, from Sales and Engineering to HR and Finance. This allows businesses to be more agile, but it creates blind spots for security, because managing security for multiple apps means toggling between multiple accounts and working with different stakeholders.
To make matters more complex, every app user creates a new identity with a unique permission set for every app. So consider a company with 1000 users and 100 apps. That amounts to 100,000 unique identities to manage!
To simplify identity management in SaaS, Reco consolidates identities across multiple apps. With Reco, Security teams can manage access controls, roles, and permissions for all SaaS applications from a single console.
4. Continuously Monitor and Manage SaaS Posture
CISA specifically highlighted misconfigurations as a top attack vector. Attackers often gain initial access through unprotected accounts, weak MFA enforcement, or overly permissive settings. As CISA’s directive emphasizes, agencies must regularly audit and secure Microsoft 365 tenants to prevent breaches.
The best way to do this is with a SaaS Security Posture Management (SSPM) solution. SSPM provides continuous monitoring of SaaS application configurations and raises alerts when something is misconfigured. From enforcing MFA to identifying stale accounts and over-privileged roles, proactive posture management reduces the attack surface and minimizes the chance of a breach.
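To make the posture checks described above concrete, here is an added example (not Reco's code and not CISA's actual baseline) that evaluates a constructed Microsoft 365-style tenant snapshot against a handful of illustrative rules: tenant-wide MFA enforcement, legacy authentication, the number of Global Administrators, administrators without MFA, and stale accounts. The snapshot schema, rule names, the 90-day staleness window and the admin-count threshold are all assumptions chosen for illustration.

```python
"""Illustrative SaaS posture checks over a constructed tenant snapshot.

Added example: not Reco's code and not CISA's baseline. The snapshot
schema, rule names and thresholds below are assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Fixed "current time" so the example is deterministic (assumption).
NOW = datetime(2025, 1, 15, tzinfo=timezone.utc)

# Constructed tenant snapshot (not real data).
TENANT = {
    "policies": {"mfa_required_for_all_users": False, "legacy_auth_blocked": True},
    "users": [
        {"upn": "alice@example.com", "roles": ["Global Administrator"],
         "mfa_enrolled": True, "last_sign_in": "2025-01-14"},
        {"upn": "bob@example.com", "roles": ["Global Administrator"],
         "mfa_enrolled": False, "last_sign_in": "2025-01-10"},
        {"upn": "carol@example.com", "roles": [],
         "mfa_enrolled": True, "last_sign_in": "2024-08-01"},
        {"upn": "svc-backup@example.com", "roles": ["Exchange Administrator"],
         "mfa_enrolled": False, "last_sign_in": "2024-06-30"},
    ],
}

STALE_DAYS = 90        # assumption: no sign-in for 90 days counts as stale
MAX_GLOBAL_ADMINS = 3  # assumption: illustrative cap on Global Administrators


@dataclass
class Finding:
    rule: str
    severity: str
    subject: str
    detail: str


def check_posture(tenant, now=NOW, stale_days=STALE_DAYS,
                  max_global_admins=MAX_GLOBAL_ADMINS):
    """Return a list of Findings for every rule the snapshot violates."""
    findings = []
    policies = tenant["policies"]

    # Tenant-wide settings.
    if not policies.get("mfa_required_for_all_users", False):
        findings.append(Finding("tenant.mfa_not_enforced", "high", "tenant",
                                "MFA is not required for all users"))
    if not policies.get("legacy_auth_blocked", False):
        findings.append(Finding("tenant.legacy_auth_allowed", "high", "tenant",
                                "legacy authentication protocols are not blocked"))

    # Privileged-role sprawl.
    global_admins = [u for u in tenant["users"] if "Global Administrator" in u["roles"]]
    if len(global_admins) > max_global_admins:
        findings.append(Finding("tenant.too_many_global_admins", "medium", "tenant",
                                f"{len(global_admins)} Global Administrators (max {max_global_admins})"))

    # Per-user checks.
    for user in tenant["users"]:
        upn = user["upn"]
        is_admin = bool(user["roles"])
        last_seen = datetime.strptime(user["last_sign_in"], "%Y-%m-%d").replace(tzinfo=timezone.utc)
        if is_admin and not user["mfa_enrolled"]:
            findings.append(Finding("user.admin_without_mfa", "critical", upn,
                                    f"holds {', '.join(user['roles'])} without MFA"))
        if now - last_seen > timedelta(days=stale_days):
            findings.append(Finding("user.stale_account", "high" if is_admin else "medium", upn,
                                    f"last sign-in {user['last_sign_in']}"))
    return findings


def summarize(findings):
    """Count findings per severity, so a team can prioritise remediation."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in check_posture(TENANT):
        print(f"[{f.severity:8}] {f.rule:30} {f.subject}: {f.detail}")
    print(summarize(check_posture(TENANT)))
```

In a real deployment the snapshot would be pulled from the tenant's admin API on a schedule and the findings routed to a ticketing or SIEM pipeline; the point of the example is that posture management is a set of machine-checkable rules that can run continuously rather than a one-off audit.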
5. Detect and Respond to Threats in Real Time
Securing SaaS applications isn’t just about prevention; it’s about being able to identify live attacks in real time. For example, when an identity that typically logs in from the US suddenly logs in from China — that could be a sign of an active breach.
Reco provides alerts for suspicious activities such as unusual downloads, failed login attempts, or impossible travel. It integrates with your existing SIEM or SOAR so security operations teams can be notified within existing workflows and take appropriate actions.
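The impossible-travel and failed-login signals mentioned above can be expressed as simple detection logic over sign-in events. The following is an added example, not Reco's analytics, run over a few constructed JSON Lines sign-in records: it flags a user whose consecutive logins imply a travel speed no airliner could reach, and a burst of failed logins inside a short window. The log schema, the coordinates, the 900 km/h speed limit and the five-failures-in-ten-minutes rule are assumptions for illustration.

```python
"""Impossible-travel and failed-login-burst detection over constructed sign-in logs.

Added example: not Reco's detection logic. Log schema, thresholds and
coordinates are assumptions chosen for illustration.
"""
import json
import math
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events in JSON Lines form (not real logs).
SIGNIN_LOG = """
{"ts": "2025-01-15T08:00:00Z", "user": "alice@example.com", "result": "success", "country": "US", "lat": 38.9, "lon": -77.0}
{"ts": "2025-01-15T10:00:00Z", "user": "alice@example.com", "result": "success", "country": "CN", "lat": 39.9, "lon": 116.4}
{"ts": "2025-01-15T08:00:00Z", "user": "bob@example.com", "result": "success", "country": "US", "lat": 40.7, "lon": -74.0}
{"ts": "2025-01-15T12:00:00Z", "user": "bob@example.com", "result": "success", "country": "US", "lat": 41.9, "lon": -87.6}
{"ts": "2025-01-15T09:00:00Z", "user": "dave@example.com", "result": "failure", "country": "US", "lat": 37.8, "lon": -122.4}
{"ts": "2025-01-15T09:01:00Z", "user": "dave@example.com", "result": "failure", "country": "US", "lat": 37.8, "lon": -122.4}
{"ts": "2025-01-15T09:02:00Z", "user": "dave@example.com", "result": "failure", "country": "US", "lat": 37.8, "lon": -122.4}
{"ts": "2025-01-15T09:03:00Z", "user": "dave@example.com", "result": "failure", "country": "US", "lat": 37.8, "lon": -122.4}
{"ts": "2025-01-15T09:04:00Z", "user": "dave@example.com", "result": "failure", "country": "US", "lat": 37.8, "lon": -122.4}
{"ts": "2025-01-15T09:05:00Z", "user": "dave@example.com", "result": "failure", "country": "US", "lat": 37.8, "lon": -122.4}
"""

MAX_SPEED_KMH = 900.0              # assumption: roughly airliner cruising speed
FAIL_THRESHOLD = 5                 # assumption: failures per window that trigger an alert
FAIL_WINDOW = timedelta(minutes=10)  # assumption


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two coordinates."""
    r = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def parse_log(text):
    """Parse JSON Lines sign-in events and sort them per user by time."""
    events = [json.loads(line) for line in text.strip().splitlines() if line.strip()]
    for e in events:
        e["ts"] = datetime.fromisoformat(e["ts"].replace("Z", "+00:00"))
    return sorted(events, key=lambda e: (e["user"], e["ts"]))


def detect(events, max_speed_kmh=MAX_SPEED_KMH,
           fail_threshold=FAIL_THRESHOLD, fail_window=FAIL_WINDOW):
    """Return a list of alert dicts for impossible travel and failed-login bursts."""
    alerts = []
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)

    for user, evs in by_user.items():
        # Impossible travel: compare each successful login with the previous one.
        successes = [e for e in evs if e["result"] == "success"]
        for prev, cur in zip(successes, successes[1:]):
            hours = (cur["ts"] - prev["ts"]).total_seconds() / 3600
            dist = haversine_km(prev["lat"], prev["lon"], cur["lat"], cur["lon"])
            # A zero-time gap between different places is treated as infinite speed.
            speed = dist / hours if hours > 0 else (math.inf if dist > 0 else 0.0)
            if speed > max_speed_kmh:
                alerts.append({"type": "impossible_travel", "user": user,
                               "from": prev["country"], "to": cur["country"],
                               "km": round(dist), "kmh": round(speed)})

        # Failed-login burst: sliding window over failure timestamps.
        failures = [e["ts"] for e in evs if e["result"] == "failure"]
        start = 0
        for end, ts in enumerate(failures):
            while ts - failures[start] > fail_window:
                start += 1
            if end - start + 1 >= fail_threshold:
                alerts.append({"type": "failed_login_burst", "user": user,
                               "count": end - start + 1,
                               "since": failures[start].isoformat()})
                break  # one alert per burst is enough for this example
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_log(SIGNIN_LOG)):
        print(alert)
```

Each alert dict is shaped so it could be forwarded to a SIEM or SOAR as a structured event; in practice the geolocation would come from an IP-to-location lookup and the thresholds would be tuned per organization, since VPN egress points and shared service accounts are the usual sources of false positives.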
→ Read Next: How Reco Uses Advanced Analytics to Detect Sophisticated Threats (Blog)
It’s Time for All Organizations to Cover Their SaaS
CISA’s new directive is a wake-up call for all organizations, not just federal agencies. SaaS applications have become the backbone of modern work, but securing them requires having the right tools and processes in place.
At Reco, we help organizations monitor and secure the entire SaaS lifecycle, from the moment an app is provisioned through upgrades and scaling. We currently support 130 apps! And that number is steadily growing, as we add 2-3 integrations per week.
Ready to take the first step in securing your SaaS ecosystem? Reach out to schedule a demo of Reco.
ABOUT THE AUTHOR
Kate Turchin
Kate Turchin is the Director of Demand Generation at Reco.