How To Protect Your Web Apps From Hackers
Readers of this blog will be intimately familiar with the way technology delivery has changed over the years. Locally-hosted server racks are history. Instead, companies rely on cloud vendors large and small to deliver essential business services via web apps – or software as a service (SaaS).
Web apps, however, bring a whole new challenge to cyber security solutions. In this article, we outline why web app security matters and what your company can do to ensure that the web apps it uses remain secure.
Web app security is a new frontier
Web apps are by definition open and rely on the public internet to transmit data – most software as a service (SaaS) vendors host their solutions in the public cloud.
In contrast, locally-hosted apps are contained in your company’s secure environment. Web apps present a different security environment, and while some companies have adapted their cyber security solutions accordingly, some companies are still planning their IT security around the on-premise environment.
Taking an on-premise approach to cyber security solutions for web apps is a risk. Hackers exploit web apps along very different vectors – and they do so at an incredible pace. In 2018 alone, just one cyber security solutions company detected 3.7 million formjacking incidents.
Clearly, companies need to ensure that their cybersecurity posture matches the unique security challenges of web apps. Let’s take a look.
Start by taking control
You can’t protect tech tools that you don’t know you’re using, so make a list of the web apps you depend on. Consider all the web apps that your company uses for day-to-day operations – from productivity suites such as Office 365 and Google Docs, right through to marketing support apps that may appear trivial from a security perspective.
To gain control over your web apps, you also need to map credentials. Gaining control over web app credentials is particularly important given the fact that many web apps are informally introduced into companies as “shadow IT”. Control also implies careful rights management; you don’t want to give staff members more account permissions than necessary.
With a complete list of web apps in use and a comprehensive map of the access requirements, you’re off to a good start in controlling and protecting the SaaS apps your company depends on.
Activate security measures
So, what cyber security solutions are there to protect your web apps? First, tighten up those credentials by using multi-factor authentication (MFA). Requiring an additional verification step when logging in might be a slight inconvenience for users, but it provides a significant barrier to many common intrusion methods.
Automated security tools can also help. These could be endpoint tools deployed on your users’ devices – where a local virus scanner and malware filter watch out for dodgy URLs that are trying to grab your users’ credentials.
If you have a large contingent of on-site staff, you should also ensure that you still have a solid network security device that can intelligently scan network traffic, and act as a firewall that blocks user actions where endpoint software fails to catch a threat.
Finally, the use of VPNs for remote workers can ensure that your remote workers do not encounter threats on local, unprotected networks – such as public Wi-Fi.
Consider working with your IT security company to beef up measures based on best practice. Your IT support company can deliver critical advice on how to safely work with web apps that may well save you from a very expensive breach in the future.
Don’t forget about backups
Locally hosted equipment can prompt a natural response to back up – something as simple as storage might fail, after all. It is tempting to assume that cloud-hosted web apps are inherently safe due to the extensive redundancy that most companies build into their SaaS solutions.
However, the data loss risks of web apps are altogether different. While it is unlikely that a vendor will lose your data due to a hardware failure, other risks are more prominent. Consider a malicious employee who tries to erase data, for example. Ransomware is also a big risk. In other words, criminals can hack into web apps, capture your data – and demand a ransom.
That’s why you should back up your web app data with the same vigour as you would back up a locally hosted solution.
Keep an eye on vendors
We mentioned the risks that vendors pose in the last section – and why you need to back up your web app data. Remember, your vendor’s cyber security capabilities are only as strong as the weakest link in your vendor’s protection arsenal. Indeed, your level of security is dependent on that of your vendors.
In essence, a single weak link in your vendor’s security can undermine all your best efforts to secure your web apps across the board. Look out for vendors that have passed certification programs, and attempt to do due diligence. Find out which platforms your web apps depend on, and how secure they are.
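The checks described in this article can be run against a simple web app inventory and credential map. The script below is an added example, not code from the original article; the app names, users, role ladder and field names are all constructed assumptions.

```python
# Added example: all app names, users, roles and fields below are constructed.
ROLE_RANK = {"viewer": 0, "editor": 1, "admin": 2}  # assumed role ladder

# Inventory of known web apps with the controls the article asks about.
INVENTORY = {
    "office365": {"mfa": True, "backed_up": True, "vendor_certified": True},
    "crm": {"mfa": False, "backed_up": True, "vendor_certified": True},
    "mailer": {"mfa": True, "backed_up": False, "vendor_certified": False},
}

# Credential map: who holds which role, and the role their job needs.
CREDENTIALS = [
    {"user": "alice", "app": "office365", "granted": "admin", "needed": "admin"},
    {"user": "bob", "app": "crm", "granted": "admin", "needed": "viewer"},
    {"user": "carol", "app": "mailer", "granted": "editor", "needed": "editor"},
    {"user": "dave", "app": "pastebin-tool", "granted": "admin", "needed": "viewer"},
]

CONTROL_FINDINGS = {
    "mfa": "no-mfa",
    "backed_up": "no-backup",
    "vendor_certified": "vendor-uncertified",
}


def audit(inventory, credentials):
    """Return a sorted list of (app, finding, detail) tuples."""
    findings = []
    for app, controls in inventory.items():
        for control, label in CONTROL_FINDINGS.items():
            # A missing field counts as a failed control, not a pass.
            if not controls.get(control, False):
                findings.append((app, label, ""))
    for cred in credentials:
        app, user = cred["app"], cred["user"]
        if app not in inventory:
            # Credentials exist for an app nobody listed: shadow IT.
            findings.append((app, "shadow-it", user))
            continue  # rights cannot be judged until the app is inventoried
        if ROLE_RANK[cred["granted"]] > ROLE_RANK[cred["needed"]]:
            findings.append((app, "excess-rights", user))
    return sorted(findings)


if __name__ == "__main__":
    for app, finding, detail in audit(INVENTORY, CREDENTIALS):
        print(f"{app:15} {finding:20} {detail}")
```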