What is a good baseline SaaS Security Policy?

At Detexian, we often get asked “What is a good baseline SaaS Security Policy?”. This is a question we’re always happy to answer. In fact, helping people with this is one of the reasons we exist!

We recommend the following minimum security baseline for every SaaS application that holds business-critical or customer-sensitive data:

  • Require MFA for Non-Privileged Accounts: MFA has been reported to block more than 99.9% of automated account-compromise attacks. It is not a complete defence against phishing, though: real-time phishing proxies can relay SMS codes and push approvals, so prefer phishing-resistant methods such as FIDO2/WebAuthn security keys where the SaaS supports them;
  • Identify and monitor Guest / External Accounts: At least every 6 months, review all external and guest access and remove anything that is no longer needed. Record the date of each review so that overdue accounts can be found;
  • Identify and monitor Privileged Users: Knowing who holds privileged roles in each SaaS solution is a critical baseline control. Without a current list of privileged users and their last login, you cannot tell when privilege has been granted, removed or left dormant;
  • Require MFA for Privileged Accounts: Privileged users can change configuration, manage users and delete or export data, so it is critical that their accounts are protected from compromise or takeover with MFA.
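The four checks above can be run mechanically against a user export from any SaaS admin console. The following is an added example written for this page, not Detexian's own tooling: it assumes a constructed export whose field names (user, role, mfa_enabled, is_guest, last_login, last_reviewed), privileged role names and the 90-day dormancy threshold are all assumptions, and it reports which records fail each baseline item and which privileged accounts appeared or disappeared between two snapshots.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample export (not real data) mimicking a SaaS admin-console user listing.
# The field names below are assumptions; map your own export onto them.
SAMPLE_USERS = [
    {"user": "alice@example.com",  "role": "admin",  "mfa_enabled": True,  "is_guest": False,
     "last_login": "2020-05-20T09:12:00Z", "last_reviewed": None},
    {"user": "bob@example.com",    "role": "admin",  "mfa_enabled": False, "is_guest": False,
     "last_login": "2019-11-02T17:45:00Z", "last_reviewed": None},
    {"user": "carol@example.com",  "role": "member", "mfa_enabled": False, "is_guest": False,
     "last_login": "2020-05-28T08:00:00Z", "last_reviewed": None},
    {"user": "dan@partner.example", "role": "member", "mfa_enabled": True,  "is_guest": True,
     "last_login": "2020-01-10T12:00:00Z", "last_reviewed": "2019-10-01T00:00:00Z"},
    {"user": "erin@vendor.example", "role": "member", "mfa_enabled": True,  "is_guest": True,
     "last_login": "2020-05-01T12:00:00Z", "last_reviewed": "2020-04-15T00:00:00Z"},
]

# Fixed "now" so the example is reproducible offline (constructed, not the wall clock).
NOW = datetime(2020, 6, 1, tzinfo=timezone.utc)

PRIVILEGED_ROLES = {"admin", "owner"}        # assumption: role names vary per SaaS
GUEST_REVIEW_INTERVAL = timedelta(days=182)  # the baseline's "every 6 months"
DORMANT_ADMIN_AFTER = timedelta(days=90)     # assumption: idle privileged accounts worth a look


def _parse(ts):
    """Parse an ISO-8601 UTC timestamp with a trailing Z; None stays None."""
    if ts is None:
        return None
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def audit(users, now):
    """Return (finding_code, user) pairs for every baseline violation in the export."""
    findings = []
    for u in users:
        privileged = u["role"] in PRIVILEGED_ROLES
        # Items 1 and 4: MFA for everyone, with privileged accounts called out separately.
        if not u["mfa_enabled"]:
            findings.append(("PRIV_NO_MFA" if privileged else "NO_MFA", u["user"]))
        # Item 2: guests must have been reviewed within the last six months.
        if u["is_guest"]:
            reviewed = _parse(u["last_reviewed"])
            if reviewed is None or now - reviewed > GUEST_REVIEW_INTERVAL:
                findings.append(("GUEST_REVIEW_OVERDUE", u["user"]))
        # Item 3: privileged accounts that have not logged in recently are flagged.
        if privileged:
            last = _parse(u["last_login"])
            if last is None or now - last > DORMANT_ADMIN_AFTER:
                findings.append(("PRIV_DORMANT", u["user"]))
    return findings


def privileged_users(users):
    """The current privileged-user inventory, sorted for stable diffs."""
    return sorted(u["user"] for u in users if u["role"] in PRIVILEGED_ROLES)


def privilege_changes(previous, current):
    """Compare two privileged-user inventories; returns (added, removed)."""
    prev, cur = set(previous), set(current)
    return sorted(cur - prev), sorted(prev - cur)


def audit_sample():
    """Run the audit over the constructed export at the fixed NOW."""
    return audit(SAMPLE_USERS, NOW)


if __name__ == "__main__":
    for code, user in audit_sample():
        print(f"{code:22} {user}")
    print("privileged:", privileged_users(SAMPLE_USERS))
```

Run it against one export to get the violation list, and keep the privileged_users() output from each run so that privilege_changes() can tell you which admins were added or removed since the last check.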


Copyright Detexian 2020. All Rights Reserved.