Thales Blog

Data Defense: Leveraging SaaS Security Tools

June 4, 2024

Aamir Sardar | Director Alliances, Thales DIS CPL

The Software-as-a-Service (SaaS) market has burgeoned in recent years, driven by its convenience, scalability, and cost-effectiveness. As per the Thales 2024 Data Threat Report, enterprises reported they were using, on average, 84 SaaS apps in their operations. However, with this growth comes the challenge of organizational SaaS sprawl, as businesses adopt multiple SaaS applications across various departments without a centralized management strategy. This can lead to fragmentation of data and growing complexity in ensuring security and compliance.

Concurrently, cybercrime is skyrocketing, targeting SaaS platforms due to their widespread usage driven by today’s distributed workforces and the valuable data they host. As per the upcoming Thales 2024 Cloud Security Report, SaaS apps were ranked as the top target for cyberattacks. This highlights the cybersecurity challenges companies face in an evolving work landscape.

Alongside these issues, an increasingly stringent regulatory landscape is imposing stricter compliance mandates on data protection, privacy, and sovereignty, meaning SaaS providers and their users need more robust security measures.

Data Protection Models for SaaS

To add complexity on top of the SaaS sprawl, rocketing cybercrime, and increased regulation, organizations are rapidly transitioning to multi- or hybrid-cloud deployment models, leveraging a combination of public and private clouds and on-premises infrastructure. While offering flexibility and resilience, these models introduce additional security considerations for enterprise SaaS users, such as managing access controls and ensuring seamless data protection policies across disparate environments and across multiple SaaS applications. Similarly, SaaS providers operating in a multi-cloud environment face the challenge of maintaining security and compliance while ensuring seamless service delivery to their enterprise users.

One data protection solution gaining strong traction in the market relies on organizations’ tighter ownership and control of encryption keys independently from their cloud or SaaS provider’s infrastructure. The two most popular approaches for such External Key Management (EKM) architectures are referred to as Bring Your Own Key (BYOK) and Hold Your Own Key (HYOK).

Implementing encryption coupled with BYOK/HYOK strengthens data protection and helps build trust and transparency between SaaS providers and their customers. It gives enterprise customers greater control over their data while helping them maintain compliance with regulatory requirements and industry standards.

Furthermore, BYOK/HYOK helps facilitate data portability and interoperability, allowing seamless migration between cloud environments without compromising security. By bringing customer-owned encryption keys on board, SaaS providers can boost the security posture of their multi-cloud deployments while reinforcing trust with their customers, who entrust their sensitive data to these SaaS platforms.

Reinforcing Security and Compliance for Salesforce Users

One of the largest global SaaS providers, Salesforce, caters to organizations of all sizes, offering a wide range of solutions to streamline business operations and enhance customer engagement. And because businesses increasingly rely on Salesforce to manage their critical data and workflows, ensuring the security and confidentiality of their private data is vital.

Thales partners with Salesforce to protect enterprise clients’ sensitive data and personally identifiable information (PII) on the Salesforce platform. Irrespective of whether data resides on Salesforce’s own data centers or its Hyperforce service hosted on AWS, Thales helps enable digital sovereignty for organizations by ensuring they retain full control and management over their encryption keys.

Thales supports multiple key-management options for Salesforce, including cache-only keys, Bring Your Own Key (BYOK), and Hold Your Own Key (HYOK), offering flexibility to enterprises based on their security requirements and compliance mandates. Thales works with Salesforce’s External Key Management (EKM) service for Salesforce Shield Platform Encryption to ensure that customers can securely store, manage, and maintain the tenant secrets used to derive the encryption keys that protect data within the Salesforce environment.

Data Protection, Control, and Sovereignty for Zoom Users

Another company partnering with Thales on data security solutions is Zoom, a prominent player in the Unified Communications as a Service (UCaaS) market, offering a platform for video conferencing, collaboration, and communication. Featuring a user-friendly interface and robust feature set, Zoom became the go-to choice for businesses of all sizes seeking efficient and reliable communication tools, particularly when workforces moved en masse to working from home during the global pandemic.

In today’s world of distributed work, hybrid work and virtual collaboration remain the norm, and businesses depend on Zoom to facilitate meetings, webinars, and team interactions. Again, ensuring the security and privacy of sensitive data and PII is vital.

Thales safeguards enterprise clients' sensitive and proprietary information on the Zoom platform, regardless of whether it resides in Zoom's data centers or public cloud infrastructure. Thales offers customer-controlled key management options for Zoom, allowing enterprises to keep ownership and control of the encryption keys that protect their Zoom content, such as meeting recordings, transcripts, voicemails, webinars, and calendar items. Working with Zoom's Customer Managed Key (CMK) feature, Thales helps customers manage their encryption keys outside of the cloud, under their own control and within their sovereign boundary, to ensure that their sensitive data remains safe and out of the hands of unauthorized parties.

Meeting the Needs of Global SaaS Providers and Users

Thales offers market-leading data protection solutions for SaaS that are tailored to the needs of global SaaS providers and their enterprise SaaS customers. Through close collaboration with SaaS platforms, Thales enables organizations to uphold robust security standards, mitigate data breaches, and maintain regulatory compliance, building trust and confidence in the integrity of SaaS-based operations and communication workflows.

Are you ready to elevate your SaaS security? Partner with Thales today to safeguard your data, ensure compliance, and instill trust in your SaaS operations.