SaaS Alerts - Experts & Thought Leaders

According to a Cloud Security Alliance report, 55% of organisations experienced a SaaS cybersecurity incident within the past two years. While apps typically offer basic security features, MSPs still need to implement additional measures to protect client data from breaches, leaks and cyberattacks. This means going beyond the default security provided by SaaS platforms and actively managing potential risks specific to each client’s environment. Let’s review seven SaaS security best practices to ensure the clients’ environments are thoroughly protected. Inadequate backup measures Perform Regular Backups - In a 2024 survey by Backblaze, only 42% of those who experienced data loss over the past year said they could restore all their data. Unsuccessful data recovery is largely due to inadequate backup measures. Online backup solutions create encrypted copies of business-critical files and store them on remote servers. This layer of data protection allows users to recover their clients’ information during incidents like physical disasters, hardware failure or cybersecurity incidents like ransomware attacks. By including regular data backups in the SaaS cloud security strategy, users: Reduce downtime: Performing regular backups allows for quick restoration of systems and data following a security incident, minimising delays and interruptions to critical business operations. Protect data in case of cyberattacks: Maintaining secure, clean backups of client data is a safeguard against attacks such as ransomware, which can encrypt critical files and make them inaccessible. Enhancing password strength Control Data Access - Implementing MSP best practices for granular access controls ensures only specific individuals can view, edit or share information within SaaS environments. This approach reduces the risk of data breaches by limiting exposure to potential threats. Practical methods for implementing this type of security control include: Role-based access: Assign file and system permissions based on roles to ensure users only access the data necessary for their job functions. Complex password policies: Enforce passwords of at least 12 characters with a minimum complexity to enhance password strength and protect against brute-force attacks. Multi-factor authentication (MFA): Mandate multiple forms of identity verification to access data, reducing the risk of unauthorised access even if login credentials are compromised. Advanced authentication methods: Use authenticator apps or hardware tokens for additional verification. Analysis of application performance Effective SaaS security monitoring requires vigilant tracking and analysis of application performance Continuously Monitor Applications and User Behavior - Effective SaaS security monitoring requires vigilant tracking and analysis of application performance, system health and user behavior. These insights help create benchmarks, enabling users to detect suspicious activity more easily and quickly respond to threats. For example, tracking user behavior patterns could reveal an unusual login from a location where the company has no employees, which is a clear indicator of compromise. Unusual user activity Leverage Security Alerts - Cybersecurity alerts are automatic notifications sent when a potential threat or security breach is detected. Leveraging these alerts enhances the ability to employ SaaS security measures to respond to possible vulnerabilities, such as unauthorised access attempts or unusual user activity. Users can enable security alerts in the following ways: Email notifications: Receive notifications in the email inbox for quick access and review. Mobile alerts: Set up alerts to go directly to the phone, so users can take immediate action even when they are away from their desk. PSA tool integration: Manage alerts within the professional services automation (PSA) tool for a streamlined workflow. These application integrations let users track and respond to security incidents directly within the PSA system, ensuring no missed alerts and documented response actions. This proactive approach to managed IT support service allows them to prioritise risks MSPs like Zephyr Networks use SaaS security alerts to protect their customers’ cloud applications 24/7, uncovering and responding to potential threats before they become larger security issues. This proactive approach to managed IT support service allows them to prioritise risks rather than reactively using resources to fix problems. Learn how to build a robust software stack with their guide for MSPs. SaaS application security efforts Automate Remediation - Automating remediation process helps address and mitigate threats without human intervention, streamlining SaaS application security efforts. Applying predefined responses, like locking an account if suspicious logins are detected, might minimise the escalation of an attack. Benefits of automated remediation include: Accelerated responses: Enabling immediate action when a threat is detected reduces the time it takes to contain and neutralise it. Reduced alert fatigue: Addressing specific alerts with automated remediation minimises the number of notifications the security team needs to manage daily. Minimised human errors: Automating remediation ensures consistent and accurate responses to threats. Optimised resources: Eliminating repetitive remediation tasks improves overall efficiency by allowing the team to focus on other tasks. Undermine security efforts The 2023 Cloud Security Study shows that human error is responsible for 55% of cloud-based data breaches Provide Security Awareness Training - The 2023 Cloud Security Study shows that human error is responsible for 55% of cloud-based data breaches. This statistic illustrates the importance of educating clients on best practices, reducing the likelihood that they perform actions that could undermine security efforts. Our partner Zephyr Networks, for example, offers regular training and awareness programs as part of its all-encompassing approach to managed cybersecurity. These sessions empower their customers with the knowledge they need to be well-versed in essential practices to prepare them to handle day-to-day threats. This education reduces employee-led breaches and promotes a strong security culture. Discover how to make a case for security awareness training. Strong security culture Take Proactive Measures - By anticipating and addressing potential threats proactively, users enhance SaaS security posture management, ensuring the clients’ operations remain smooth and uninterrupted, even in case of cyberattacks. Get started with these proactive measures: Regular browser and device updates: Ensuring all access points to the SaaS apps are up-to-date with the latest security patches closes potential gaps in the vulnerability protection. Business continuity planning: Developing and testing a plan for data recovery minimises disruptions in the event of an incident by ensuring users have clear procedures for restoring critical systems and information to maintain operations. Risk management: Regularly assessing and prioritising potential security threats helps users manage their resources more effectively. Implement best practices for SaaS security  With SaaS Alerts, users improve their ability to protect the customers and critical MSP tools from evolving threats. Their SaaS security platform: Monitors customers’ SaaS applications 24/7 for unusual user behavior Automates remediation of compromised accounts, mitigating potential damage  Syncs alerts with the PSA console for faster response times Creates detailed reports allowing users to show value to customers

Kaseya, the global provider of AI-powered cybersecurity and IT management software announced Kaseya 365 User, joining Kaseya 365 Endpoint which launched in April 2024, at DattoCon Miami. Kaseya 365 User gives managed service providers (MSPs) the ability to help their customers prevent, respond to, and recover from threats to user identity and security. SaaS Alerts Kaseya also announced it has acquired SaaS Alerts, an industry-pioneering cybersecurity company that helps MSPs monitor and protect customers’ SaaS application usage. SaaS Alerts’ technology is included for free as part of the Kaseya 365 User subscription, adding significant value to the new subscription for MSPs. AI-based automation "Our mission is to make our partners more profitable, by providing them a platform that provides far more AI-based automation than otherwise available, and offering that platform at a fraction of the cost,” said Fred Voccola, CEO, of Kaseya. “When we launched Kaseya 365 Endpoint earlier this year, the market response was astounding." Financial benefits "Our goal from the beginning of our journey was to ensure our MSP partners get the recognition and financial benefits that match the enormous value they provide to SMBs around the world. Now, with Kaseya 365 User, we get to take another major step." "Our partners can better protect themselves and their customers, automate service delivery, and once again vastly improve their unit economics for greater profitability.” Comprehensive protection While small businesses power the global economy, their technology infrastructure is largely dependent on MSPs While small businesses power the global economy, their technology infrastructure is largely dependent on MSPs to protect user data and respond to ever-present cyber threats. With Kaseya 365 User and Kaseya 365 Endpoint, MSPs can offer comprehensive protection for small business owners and their customers. Competitive advantage “Now more than ever, there is a massive advantage to being an MSP powered by Kaseya,” said Nick Martin, Director of Managed Services, at Mainstreet IT Solutions. “It’s a true competitive advantage because with Kaseya 365 User we’re getting more for less money, and we can pass along savings to our customers without sacrificing anything.” Cloud detection and response SaaS Alerts, a critical component of Kaseya 365 User, is the SaaS security platform for MSPs. This innovative technology allows MSPs to monitor and remediate any potential threat to their critical business applications or users in SaaS environments in real time and ensure critical business applications are safe from both internal and external threats. “As cyber threats are becoming more sophisticated, MSP tools need to evolve,” said Jim Lippie, CEO, of SaaS Alerts. “With cloud detection and response, MSPs can identify breaches and act on them quickly. This is a must-have for MSPs to protect their customers.” DattoCon Miami highlights Kaseya DattoCon event includes nine training sessions and six workshops so attendees can become better 2024's Kaseya DattoCon event includes nine training sessions and six workshops so attendees can become better versed in the products they already own.  Notable sessions include keynotes with Kaseya CEO Fred Voccola, philanthropist and innovator Mick Ebeling, and wildlife photographer Ron Magill. The event will end with the much-anticipated Golden Datto and Cooper Cares Awards and a Fright Night Halloween party. Additional key announcements from Kaseya Backup Concierge programme: Backup is the last line of defense and one of the most important tools for an MSP, but it represents one of their largest spends and highest risks. Kaseya is committed to solving the challenge, both commercially and technically, with a $10M investment in the new Backup Concierge programme. This programme is free for Kaseya Datto backup customers and is purpose-built to ensure they are optimising their profitability, as well as supporting their technical needs throughout the data protection journey for new and existing clients. Next-Gen Endpoint Backup: Building on its commitment to protecting data everywhere, Datto's Endpoint Backup expands to offer better control, more flexibility, and greater restore options - while still at a price point that makes it more profitable than any competitive solution on the market. Purpose-built for MSPs, it boasts centralised, policy-based management; smart scheduling with custom controls (ie, business hours); full control over throttling, data regions, and selective backup configurations (inclusions/exclusions); and is fully integrated with popular MSP solutions like IT Glue, PSAs, RMMs and more. Cooper Copilot Expands to PSA: With new AI features, Kaseya BMS and Autotask both amplify technicians' ability to swiftly act and communicate. Smart Ticket Summary saves time spent reading through tickets to see actions already taken, distilling it into a succinct recap. Smart Writing Assistant empowers technicians to send clear and professional messages to end-users by transforming their technical expertise into simple communication. Smart Resolution Summary automatically captures and documents the steps, actions, and outcomes involved in resolving IT tickets, creating a detailed record for future reference and faster issue resolution. These features streamline the ticket resolution process so techs can do more in less time. Better Together: Network Detective Pro and audIT are one platform delivering unparalleled audit, discovery, and reporting to MSPs to close more business and increase profits by showcasing IT value. New and existing partners get the automated capabilities of Network Detective Pro coupled with the dynamic presentation layer of audIT at no additional cost. New Capabilities to Vonahi: Vonahi has introduced a new prospecting test feature that allows MSPs to offer potential clients a preliminary pentest evaluation to demonstrate immediate value. Further, custom-branded reports can be exported to Microsoft Word for full customisation allowing MSPs to add additional data and customise report themes to fit their company brand.  Subscription offering Kaseya 365 User is a new subscription offering in addition to Kaseya 365 Endpoint (formerly Kaseya 365), which was introduced in April 2024.  Less than six months after launching, Kaseya 365 Endpoint protects more than 5.5 million devices.

Ransomware has been the number one source of nightmares for CISOs for years. Last year, businesses and organisations endured more than 317 million attempted ransomware attacks, according to Statista. Over 5,000 of those were successful, with hackers hauling in over $1 billion in settlements.   However, the threat landscape constantly evolves and grows, especially for MSPs with customers who use SaaS applications. The average small business has 217 applications in its software portfolio, and the average medium-sized business has 314. Managing and protecting an environment of this size has become increasingly difficult for MSPs. And hackers know it. Impact of SaaS applications To get an updated and clearer picture of the widespread impact of SaaS applications on MSPs, SaaS Alerts engaged Channel Mastered to conduct the State of SaaS Security 2024 report. Channel Mastered, an MSP consultancy, collected data from 2,804 providers of IT services, including 724 users of SaaS Alerts software, in April and May of 2024. Here’s what they discovered: Cloud vulnerabilities have surpassed ransomware on a long and growing list of cyber threats. SaaS security is generating substantial amounts of incremental monthly recurring revenue. SaaS security is imposing time-consuming and expensive operational burdens on MSPs. New cloud vulnerabilities The report identified cloud vulnerabilities as the third largest security threat end users face The report identified cloud vulnerabilities as the third largest security threat end users face, comfortably ahead of ransomware. Nearly 40% of MSPs called cloud vulnerabilities one of the top security threats their clients face. Only phishing and business email compromise attacks scored as larger dangers. But since both threats involve SaaS email applications, they are arguably cloud vulnerabilities too. Specific cloud vulnerabilities MSPs worry about include poor access management (cited by 54% of survey participants), misconfigurations (cited by 44%), and lack of multi-factor authentication (cited by 43%). SaaS-related incidents Given this long list of challenges, it’s no surprise that SaaS-related incidents have become disturbingly commonplace. Close to half (49%) of the MSPs in the survey said that more than five of their customers had experienced a SaaS compromise in the last year, and 22% said that over 10 accounts have had a compromise. However, MSPs using tools like SaaS Alerts reported far fewer account compromises. Specifically, SaaS Alerts partners experienced fewer account compromises than their peers, with 58% of them reporting fewer than six compromises over the last 12 months versus 48% of everyone else. Entire security stack SaaS Alerts’ users auto-remediate the issue at significantly higher rates When accounts are breached, SaaS Alerts’ users auto-remediate the issue at significantly higher rates. In fact, 76% of them said their SaaS security tool remediates compromises to prevent data loss and other malicious activity automatically, versus 67% of everyone else.  Predictably, considering numbers like that, SaaS Alerts users have more confidence about security than others and higher confidence in the effectiveness of their entire security stack. New revenue opportunities These online threats have enabled many MSPs to increase revenue by providing SaaS security. Many MSPs anticipate higher MRR this year when rolling out security applications like SaaS Alerts, with 65% of the MSPs surveyed collecting at least $50,000 of incremental MRR last year. Nearly half (44%) collected at least $100,000. Three-fourths expect to increase MRR in 2024, and 73% expect to increase security MRR Unsurprisingly, SaaS Alerts partners are outgrowing their competition because they have better tools and more security-related confidence. Three-fourths expect to increase MRR in 2024, and 73% expect to increase security MRR. By comparison, 64% of MSPs who don’t use SaaS Alerts anticipate higher MRR this year, and 66% predict higher security MRR. Evolving online threats Overall, MSPs armed with tools such as SaaS Alerts, designed specifically to address SaaS security challenges, experienced fewer account compromises, achieved higher annual MRR, and were more confident about their ability to keep clients secure. SaaS Alerts’ wants to enable MSPs to protect customers against evolving online threats while driving consistent MRR growth. MSPs using SaaS Alerts are markedly more effective at securing cloud environments than those who aren’t. Their partners experience greater confidence in their security stacks and services, along with higher MRR. They expect their revenue from security services to continue growing in the years ahead.