Skip to main content

Cybersecurity Executive Order 2021: What It Means for Cloud and SaaS Security.




In response to malicious actors targeting US federal IT systems and their supply chain, the President released the "Executive Order on Improving the Nation's Cybersecurity (Executive Order)."
Although directed at Federal departments and agencies, the Executive Order will likely have a ripple effect through the Federal technology supply stream. Private companies and enterprises will look to the Executive Order to build their best practices.
At a high level, the Executive Order includes information-sharing requirements, a push toward cloud and Zero Trust architectures, and enhancing transparency throughout the software supply chain.

Understanding the fundamentals of the White House Executive Order on Improving the Nation's Cybersecurity

The bulk of the Executive Order focuses on administrative tasks associated with it, including redefining contract language, setting timelines, and defining agency roles and responsibilities. For enterprises that don't supply technology to the federal government, the Executive Order may feel unimportant.
In reality, several of the basic tenets could be used by companies operating outside the federal IT supply chain, including:

Better intelligence sharing

Modernizing agency infrastructure with cloud and Zero Trust

Securing the federal IT software supply chain

What the Executive Order Says

The text of the Executive Order is long and comes with all the regulatory jargon associated with the law. Breaking it down into bite-size chunks gives a good overview, though.

Better information sharing

The short, succinct point of this one is that "everyone needs to play nicely and stop hiding behind contracts." In a nutshell, the Executive Order looks to create a more meaningful information-sharing opportunity for agencies and vendors when threat actors find and exploit a vulnerability.

Move to cloud and create Zero Trust Architecture

Although this one mostly speaks for itself, the requirements in the Executive Order created a bit of panic across the federal space because a lot of the timelines are super short. For example, within 60 days, federal agencies need to:

Prioritize resources to move to the cloud as rapidly as possible

Plan to implement Zero Trust Architecture (ZTA)

Get things as secure as possible and remediate cyber risk

Finally, within 180 days, they all need to adopt multi-factor authentication (MFA) and encryption both at-rest and in-transit. With agencies adopting Software-as-a-Service (SaaS) applications to modernize their IT stacks, identity, and access control configurations, including multi-factor authentication, act as a primary risk mitigation strategy.

Secure the supply chain

Without even needing to list the recent supply chain hacks and breaches, this is the least surprising of all the requirements. Surprising very few people, this section includes several key bullet points:

Create criteria for software security evaluation

Establish standard and procedures for secure software development

Establish a "Software Bill of Materials" that lists all the technology "ingredients" developers use

What the Executive Order Means for Enterprises

For agencies, this is going to take a bit of work. For enterprises, this is likely a harbinger of things to come. The problem is that while the Executive Order is a great start, the two primary requirements for putting Zero Trust into effect, MFA and encryption, don't really close all cloud security gaps.
According to the 2021 Data Breach Investigations Report (DBIR) misconfigurations remain a primary threat vector for cloud architectures. The increased use of Software-as-a-Service (SaaS) applications actually trigger two different attack patterns:

Basic Web Application Attacks: focused on direct objectives, ranging from access to email and web application data to repurposing the web application to distribute malware, defacement, or Distributed Denial of Service (DDoS) attacks.

Miscellaneous Errors: unintentional actions, usually by an internal actor or partner actors, including sending data to the wrong recipients.

According to the DBIR, the basic web application attacks include things like credential theft and brute force attacks. Meanwhile, the Miscellaneous Errors subset also included things like cloud-based file storage being placed onto the internet with no controls.
These attack vectors show the importance of SaaS security management to cloud security as a whole. Many enterprises lack visibility into their configurations, and the proliferation of SaaS applications makes manual configuration monitoring nearly impossible. As enterprises continue on their digital transformation journey, configuration monitoring and management will only become more difficult.
Cloud security, even with a focus on establishing a Zero Trust Architecture, needs to incorporate SaaS application security. As agencies and enterprises in their supply chain incorporate SaaS apps, the security risk that misconfigurations pose needs to be addressed.

The Enhance SaaS Security Playlist

As agencies and enterprises start looking for solutions, enhancing SaaS security should be on the "proactive steps to take" list.

Integrate all applications: Travel the Long and Winding Road

Doing the business of your business requires many applications, especially across remote workforces. Despite a potentially long purchase cycle, adding applications to your stack is relatively easy. Your IT team creates some connections to your cloud infrastructure using APIs, then adds the users. People can get down to business.
Learn more about how to prevent misconfiguration risks in your SaaS app estate
Managing SaaS app security for the long term is the big challenge. You have a lot of applications, and each one has unique configurations and language. No organization can have an expert in every application language and configuration. If you can integrate all your applications into a single platform that creates a standardized approach to configurations, you're taking the first step down the long and winding road to securing your cloud infrastructure.

Verify access and enforce policies: Stop Believin'

While Journey might say "don't stop believin,'" a Zero Trust Architecture means not believing anyone or anything until they provide the right proof. For example, MFA doesn't work on a system that uses legacy authentication protocols like IMAP and POP3. If you need to secure your SaaS stack and meet these short timelines, you need visibility into all user access, especially Privileged Access holders like super admins or service accounts.
Enterprises need unified policies across all SaaS applications, ensuring continuous compliance. This means the ability to analyze every user's access across all your SaaS platforms by role, privilege, risk level, and platform with the ability to mix and match as you search, so you have the insights you need, when you need them.
Eliminate SaaS misconfigurations

Monitor SaaS security continuously: You Oughta Know.

The hardest part of SaaS security is that it continuously changes, like employees sharing documents with third parties or adding new non-company users to collaboration platforms. The problem is that the Executive Order and most other compliance mandates assume that you oughta know about your risk posture because you're continuously monitoring your security.
You need always-on SaaS security that provides real-time risk identification, context-based alerts, and risk prioritization.

Automate remediation activities: Never Gonna Let You Down

No single human being can manage SaaS security manually.
Manually managing the risks arising from so many users, so many applications, and so many locations will leave the IT department running on espresso and energy drinks and, unfortunately, most likely, missing a critical risk.
Automating the SaaS security process in a single cloud-based platform is the most efficient way to manage the process. SaaS platform management solutions meet your security where it lives, in the cloud, so you can automate your security at cloud-speed, reduce risk, and strengthen your security and compliance posture.

Adaptive Shield: SaaS Performance Security Management is the Missing Link

Adaptive Shield provides full visibility into one of the most complex issues in cloud security. This SaaS security posture management solution enables enterprises to monitor for misconfiguration risks across the SaaS estate continuously: from configurations that cover malware, spam, and phishing to suspicious behavior and incorrectly configured user permissions.
Adaptive Shield aligns technical controls with CIS Benchmarks and can map controls' compliance to NIST 800-53 as well as other frameworks.
The Adaptive Shield SaaS security platform management solution also natively connects with Single-Sign-On (SSO) solutions, like Azure, Ping, and Okta, to help track MFA use across the organization.
With SaaS applications becoming the rule rather than the exception for modern businesses, cloud security relies on continuously monitoring for risky SaaS misconfigurations.



#THN


#osutayusuf 

Comments

Post a Comment

Popular posts from this blog

More Than 100 Angry Youths Chased Maracha District Officials Out of Site Meeting Over Corruption.

📸: Some of the angry Youths displaying placards as others walked in to stop the ongoing meeting by Maracha District officials. Story by Osuta Yusuf. Maracha District. 3-February-2025. 📸: Kololo Public Seed Secondary School whose construction project has again stalled. Photo by Osuta Yusuf, Our News Reporter. The angry youths from Vurra Parish, Tara Sub-county in Maracha East constituency, Maracha District have on Monday 3-Feb-2025 chased the entire Maracha District officials out of a site meeting in Kololo Seed Secondary over allegations of corruption stemming from the stalled seed school construction project. Key Maracha District officials who went for the site meeting on Monday 3-Feb-2025 include, the Security department headed by the deputy RDC Koliba Monica Kotevu and Assistant RDC Collins Dramani, the LC5 Chairperson Hon Obitre Stephen together with his DEC Councilors, the accounting  / technical department headed by the CAO Mr Olila Patrick, the Engi...
Post a Comment
Read more

Ambassador Angualia Richard Perished in a Fatal Accident.

Story by Osuta Yusuf. Arua City. 29-7-2025. 📸: Portrait of Ambassador Angualia Richard. Courtesy Photo. Former Uganda's Ambassador to Egypt, Ambassador Angualia Louis Richard has been reported dead this evening 5pm 28-7-2025 after he was involved in a head-on collision accident with another motorcycle rider near Abi Farm, Ayivu East Constituency in Arua City. 📸: Photos from the scene of the Accident. Courtesy Photos. He met his death this evening while riding on a Bajaj Motorcycle. Amb. Angualia, who contested in 2011 for Maracha County but lost to Hon Alex Onzima Adrooa. In 2016 when two Constituencies were created in Maracha District, carving Maracha Constituency and Maracha East constituency, Ambassador Angualia contested for Maracha Constituency MP position in 2016 but lost to Hon Oguzu Lee Denis. Ambassador Angualia later shifted to contest in Maracha East Constituency but again lost to Hon Ruth Lematia Molly Ondoru during the 4-September-2020...
1 comment
Read more

Lab Student Drowned, Body Missing in Rokoze Lake in Nyadri Sub-county, Maracha District.

Maracha District.  5-December-2025. 📸: Residents gathered around the lake as they searched the missing body of the student. Photo by #Information_is_Power's news reporter.  This afternoon Friday 5-December-2025, a student from St Joseph Laboratory Training School in Maracha hospital, a one  Araku Denis drowned in Rokoze water body in Nyadri Sub-county and the  body has not been retrieved upto this night as the police and residents searched for it and in vain but they are expected to resume retrieving it tomorrow Saturday 6-December-2025. 📸: Photo of the deceased which we captured on his phone screen this night. Araku and his fellow students had  reportedly gone to pass time at water point after completing exams papers of today. Him and callagues got attracted to swimming at water body where he perished.  By press time, efforts to retrieve his body proved futile as the body remains invisible on water surface.  Rokoze water body...
Post a Comment
Read more