Why IDaaS Security is the New Hot Topic for CISOs What is IDaaS? Identity-as-a-Service (IDaaS) providers such as Okta, OneLogin, and Centrify, offer single sign-on authentication solutions that give users access to…

Why IDaaS Security is the New Hot Topic for CISOs

Zack Gross

With a passion for all things tech and creative, I spend my time helping people discover how cloud cybersecurity protects and enables businesses all at once.


What is IDaaS?

Identity-as-a-Service (IDaaS) providers such as Okta, OneLogin, and Centrify, offer single sign-on authentication solutions that give users access to all applications at once through a centralized login point. On top of that, they allow organizations to implement multi-factor authentication and assign policies, roles and permissions by profile. The benefits are clear–  they save time, enhance productivity, and more. But… IDaaS can be a risky business, too.

Low on Time? Get a FREE Cloud Security Assessment Now

Why are CISOs So Focused on IDaaS Security?

CloudLock research has shown that cloud cybersecurity risk is highly concentrated among a small subset of users. In fact, 1% of users introduce 75% of the overall risk and are responsible for 62% of app installations. While IDaaS platforms increase ease of access for approved users, if privileged credentials fall into the wrong hands, or there’s a connection to a malicious app, the results can be catastrophic.

CloudLock IDaaS SecurityBy the end of 2015, spending in the IDaaS market is set to have increased by 150% from last year. As IDaaS adoption increases, and users are connecting with ease to potentially thousands of apps at once, it’s crucial to keep a watchful eye on who’s passing through your IDaaS platform.

In this space, security is essentially a shared responsibility model. While IDaaS providers offer security capabilities around login behaviors, it’s crucial to identify behavior patterns that extend across platforms both at login and post-login to detect suspicious activity and session hijacking. Correlating that information across disparate systems is the only way to achieve heightened security intelligence.

Security for IDaaS

As you consider adding a CASB or other cloud security solution to your arsenal, your IDaaS platform must be accounted for. Look for protection around three main areas:

  1. Compromised Accounts – You’d be doing yourself a disservice by looking only at who logged into your IDaaS platform and when. It’s crucial to look beyond this initial activity. Once a user logs in, what behavior are they exhibiting across your SaaS, IaaS, and PaaS platforms? Is any of it suspicious?

    You’ll need to be alerted to any instances of behavior which could potentially indicate threats– particularly when they may seem innocuous out of context, but, when examined in context, gain depth and meaning. A simple example– if a user initially logs into your IDaaS platform from New York, and then those same credentials are used to manipulate files within a SaaS environment like Google Drive from Sydney minutes later, you’ll want to be notified immediately and take action.
  2. Cloud Malware – Can you tell which apps are capable of accessing, modifying, and externalizing corporate data in your organization’s cloud environment? Cloud malware attacks can originate from apps that are malicious by design, or even trusted apps that are breached. With IDaaS platforms’ inherent extensibility, it’s important to be able to combat apps that may pose threats to your data security. Combining the connections of an IDaaS solution with the post-login intelligence from a CASB offers a powerful joint solution to defend against cloud malware.

    CloudLock IDaaS Security
    If a user authorizes a dangerous app with their IDaaS credentials, whether maliciously or accidentally, they could easily open your organization to a major attack. IDaaS security solutions should allow you to monitor cloud applications and enable you to revoke access across all platforms and identities when needed.
  3. Security Operations and Forensics  – The security functionality native to your IDaaS provider will likely give you great insight into user activities within the IDaaS platform itself. But, if you’re dealing with a security breach, or even just investigating daily security incidents, you’ll want a granular view and analysis of who did what and when across all cloud platforms, and an easy way to incorporate it into your organization’s operations.

Think You Have This Under Control?

Cloudlock, the leading Cloud Cybersecurity-as-a-Service company, partners with leading IDaaS companies and offers integrated solutions to bring you the best of both worlds.

Find out if you have anything to worry about – Get a Free Assessment to uncover cybersecurity risk across your entire cloud environment– IDaaS, SaaS, PaaS, and IaaS:

  • Expose potential compromised accounts, cloud malware, or data security violations
  • Validate adherence with internal or industry-governed regulations – PCI, HIPAA, FERPA, and more
  • Receive a business analysis, mapping findings to your organizational goals




Browser Not Supported

Your browser version is outdated.

We would recommend you upgrade to a recent version to ensure that you have a good experience on the CloudLock site. Outdated browsers also increase your security risk. So please update your browser and come back later!

Click on the icon below to download the latest version of your browser