Enhancing SSO visibility and security with AWS AppFabric and JumpCloud

As organizations embrace Single Sign-On (SSO) to streamline user access across multiple software-as-a-service (SaaS) applications, maintaining visibility and security becomes more complex. A recent JumpCloud study of over 1,200 global IT admins, revealed that while 35% of organizations have deployed SSO across all their applications, 52% have only adopted it for certain applications, and 13% don’t use SSO at all. This piecemeal adoption of SSO creates security blind spots as teams struggle to monitor user behavior and detect anomalies across their growing SaaS ecosystem.

Companies have increased their use of SaaS applications to offer their employees with the productivity and collaboration tools they need to complete their work. These purpose-built tools are designed to help the organization focus on their core business activities rather than software development and maintenance. However, as SaaS usage expands, IT leaders and security teams face distinct challenges to keep corporate data shared across these SaaS applications secure. For example, security team must spend more time monitoring application usage data for threats and suspicious behavior, while also maintaining security oversight and compliance requirements.

To begin to alleviate these challenges, IT teams often start by building point-to-point (P2P) integrations between each SaaS application and security tools to analyze audit logs and ensure the security oversight of their SaaS applications. Building these integrations take weeks to implement, resources to build, and ongoing maintenance that can result in incomplete application coverage and restrained innovation.

Addressing SaaS Application Security Challenges with AWS AppFabric

AWS AppFabric, a managed service, tackles these security challenges by integrating with leading multiple SaaS tools like JumpCloud Open Directory Platform. It automatically normalizes disparate SaaS data into a consolidated view of user activity logs and security events.

By eliminating the effort associated with building and managing P2P integrations, IT leaders and security teams quickly connect their SaaS applications through the AWS AppFabric console – no coding required or ongoing integration management needed. Normalized SaaS application audit log data is available in the Open Cybersecurity Schema Framework (OCSF), an open-source, vendor-agnostic security schema. Normalized audit logs enable security teams to ingest these logs into a security tool for analytics, configuring alerts, and monitoring for anomalous behavior.

AppFabric enriches log data with a unique user identification (e.g., user@corporation.com), enabling customers to centrally monitor their events across multiple applications for potential risks, such as large file downloads, logins from unknown locations, publicly shared data, and changes to admin privileges. AppFabric also includes a user access feature that allows security and IT admins to quickly determine which users have access to specific applications, reducing the time spent on manual user provisioning and deprovisioning tasks.

The Power of Combined Capabilities

When integrated, JumpCloud and AppFabric offer a comprehensive solution that addresses key challenges faced by IT and security teams:

1. Enhanced Visibility: By consolidating and normalizing log data, the integration provides an effective mechanism to monitor user activities and detect potential incidents, eliminating data silos.
2. Unified Schema for Querying: AppFabric automatically normalizes SaaS application data into the OCSF standard, simplifying the process of querying and analyzing data for anomalous behavior or security threats.
3. Leveraging AWS Analytics and AI: Customers can store the normalized data in Amazon Security Lake or another data lake, and use services like Amazon Q in QuickSight to analyze the data, identify trends, and detect anomalies.

The integration between JumpCloud and AppFabric enables teams to improve their security posture and increase operational efficiency by quickly integrating, querying, and leveraging AI to understand their core SSO applications in real-time.

Getting Started with AWS AppFabric logs with JumpCloud

AppFabric supports receiving user information and audit logs from JumpCloud. Please refer to this documentation on how to get started.

Conclusion

To get started with this integration, navigate to AWS AppFabric to begin authorizing and connecting your applications. If you don’t have a JumpCloud account, schedule a demo to learn more about how you could leverage JumpCloud and AppFabric.