Managing and Securing SaaS Applications

By Sean Washington

Software as a Service (SaaS) has become the new approach for delivering critical business applications. Most developers have eliminated Client/Server applications in favor of services that can be easily accessed, provisioned, and subscribed to directly over a web browser. This is a fast-growing market that is being widely embraced by businesses from startups to the enterprise. The fact that these applications are accessed differently has changed the way businesses manage and secure their IT operations.


Businesses have moved their software out of their own data centers and into the Cloud. In the world of SaaS, intellectual property, sensitive data, and pretty much anything that runs a business can be accessed by various SaaS apps. The following are examples of SaaS applications that are widely used in business:

  • Email (Microsoft 365, G Suite)
  • CRM (Salesforce, Zoho, HubSpot)
  • ERP (NetSuite, Sage, SAP, Dynamics)
  • Cloud File Systems (OneDrive, Citrix, Box, Dropbox)
  • Marketing (HubSpot, Capterra, MailChimp)
  • Human Resources (Workday, ADP, SAP)

SaaS apps can essentially run the entire IT operation outside of Operating Systems, Network, and Security. The challenge IT departments now face is how all of this can be effectively managed. These SaaS services are all Cloud based, so the data within is fully managed by the vendor. Users can access them with a single login from anywhere. This makes the administrator’s job more complex as they are relinquishing control to third parties.

Application Access

Cloud-based solutions are very easy to access: the user simply needs their own unique credentials and an Internet connection to get into the system. This means that they can access company data from anywhere unless the organization has controls in place. This makes it a very nimble solution for a mobile workforce, but it also makes management and security challenging.

The modern workforce that runs exclusively on SaaS applications should implement controls that are integrated into the company directories to enforce access and security measures for users. To go securely into a fully Cloud based operation, IT administrators should implement the following:

Directory Integration

Businesses leverage directory services (LDAP/Active Directory) to control users and implement standardized security controls. Directories can enable admins to turn on or shut off applications for new or terminated users. SaaS applications are not based on traditional server connectivity, which makes a uniform policy harder to enforce, especially with multiple apps. There are even SaaS Directory services such as OneLogin, JumpCloud, Azure AD, and Okta.


Single Sign On

An SSO function integrates with a directory so that it can enable a blanket policy/admin layer to access all applications for users. Most apps have integration to support SSO, so admins simply need a platform to manage this. With SSO, admins can assign applications to users, restrict access, enforce password policy, and manage the licensing more efficiently. Vendors that provide this system include Citrix, Okta, and OneLogin.


Multi-Factor Authentication

Multi-Factor Authentication is used to validate credentials, adding a secondary authentication token to protect from imposters. Most SaaS applications have integration to support MFA functionality, but it can also be universally applied to an entire operation if using an SSO platform.


Enterprise File System/Collaboration

If a business is looking to go 100% SaaS based, they can replace their File System with a Cloud Solution such as Dropbox, OneDrive or Citrix Collaboration (ShareFile). This too can be integrated into a system with SSO and MFA, allowing users to securely access their files from anywhere. These systems integrate with Directories so that they can apply policies universally.


Application Integration

This is one of the cool parts of SaaS applications and will continue to drive the functionality of Cloud services. Most software created for SaaS applications includes API integration between platforms. Understanding how to leverage these tools is now a function of administering the SaaS applications. Administrators must now understand how systems work together in the Cloud and how that will impact end users.


End User Experience

The typical employee working in a SaaS-powered organization will come in, log into their computer, and get ready to work. They will pull up a web browser, hit their bookmarks and launch their apps. Credentials will be loaded into the browser and the end user starts to work. This is an obvious security hazard.

Businesses that do not deploy any systems to manage SaaS apps will generally find some of the following issues within their operation:

  • Employees have multiple passwords for multiple applications, all with no universal password policy
  • No Multi-Factor Authentication
  • Shadow accounts (employees using unauthorized SaaS Tools)
  • Difficulty removing access for terminated employees – multiple employees vs multiple apps
  • Access to non-business applications
  • Inability to track usage outside of the network (data leakage)
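
A small audit for three of the issues listed above (missing MFA, accounts the directory does not know about, and access left behind for terminated employees), added here as an example and not taken from the original article. It assumes hypothetical CSV exports, a directory export with columns `email,status` and a per-app account export with columns `email,mfa_enabled`; all sample rows are constructed.

```python
import csv
import io

# Constructed sample data; the column names and values are assumptions for this example.
DIRECTORY_CSV = """email,status
alice@example.com,active
bob@example.com,terminated
carol@example.com,active
"""

APP_EXPORTS = {
    "crm": """email,mfa_enabled
alice@example.com,true
bob@example.com,true
""",
    "file-share": """email,mfa_enabled
Carol@example.com,false
dave@personal.example,false
""",
}


def load_rows(text):
    """Parse CSV text into dicts with the email normalized to lower case."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:
        row["email"] = row["email"].strip().lower()
    return rows


def audit(directory_csv, app_exports):
    """Return sorted (app, email, finding) tuples for accounts needing review."""
    status = {r["email"]: r["status"].strip().lower() for r in load_rows(directory_csv)}
    findings = []
    for app, text in app_exports.items():
        for row in load_rows(text):
            email = row["email"]
            if email not in status:
                findings.append((app, email, "not-in-directory"))
            elif status[email] != "active":
                findings.append((app, email, "terminated-user-still-has-access"))
            if row["mfa_enabled"].strip().lower() != "true":
                findings.append((app, email, "mfa-disabled"))
    return sorted(findings)


if __name__ == "__main__":
    for app, email, finding in audit(DIRECTORY_CSV, APP_EXPORTS):
        print(f"{app:12} {email:24} {finding}")
```

Emails are compared case-insensitively so that `Carol@example.com` in an app export still matches the directory entry.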

If an organization were to run a unified management system to deliver SaaS apps, employees would have a nice, clean single interface to access all of their apps. With an SSO solution, they can integrate all things Cloud onto a single pane of glass and easily access their applications. This can happen in the office and securely from anywhere else in the world.

How Mindcentric Manages SaaS with Single Sign On

Mindcentric understands that a Hybrid Cloud solution is typical for most businesses and that many applications are now run as SaaS. Traditional management practices must be altered to efficiently manage and secure applications that run in the cloud. We recommend running a Single Sign On solution to manage the applications and unify policy with their directory.

As a Citrix Partner, Mindcentric is rolling Citrix Workspace Standard into our core offering for all new clients that run as a SaaS shop. The Citrix Workspace is unique as it bundles all the features above into a single, low-cost solution. This is for traditional desktops (Mac, PC, Linux), so that they can become a hub for all solutions based in the Cloud. Citrix Workspace includes:

Citrix Gateway as a Service:

  • Provides an easy, secure, robust, and scalable solution to manage apps.
  • Offers a secure remote access solution with diverse identity and access management (IdAM) capabilities, delivering a unified experience into SaaS apps
  • Helps integrate on-prem deployments to deliver a unified app experience including SaaS and virtual apps and desktops (if needed)

Single-Sign-On to SaaS and Web applications

  • Simplifies the logon experience for users so they can increase productivity while improving the customer’s security posture without a VPN
  • Multi-factor authentication with native one-time password

Microapps – Intelligent Workspace

  • This may include client-server, mobile and increasingly SaaS and web-based apps. This service enables admins to customize and streamline user workflows and microapp coding tools to help customers be more productive

Citrix Content Collaboration Standard – Unlimited Storage

  • Enables the exchange of documents, the ability to send large documents by email, and easy, secure handling of document transfers to third parties
  • Empowers IT with data storage flexibility

Mindcentric is a Full Cloud Solution provider and MSP (Managed Service Provider) out of San Diego, CA. We have employees across the United States and serve Clients across the globe. For over 20 years, we have consulted with businesses to address their specific needs, focusing on IT Operations, Security, and Cloud Systems.

Phone: (800) 327-1802
