Guidelines for SaaS Policy Rule Recommendations

Learn about the guidelines for effective collaboration between firewall administrator and SaaS administrator on policy rule management.
Before you create SaaS policy rule recommendations, consider the following guidelines for effective workflow and rulebase management, starting with collaboration, followed by authoring.

Guidelines for SaaS Policy Collaboration

SaaS security is a team effort. In most large organizations, the firewall administrator and the SaaS administrator are two distinct contributors—each playing a unique role in security. Your firewall is your organization’s first line of defense; therefore, SaaS Security Inline tightly integrates with your Palo Alto Networks firewalls and uses SaaS policy rule recommendations to facilitate a seamless workflow between your organization’s SaaS administrator and firewall administrator. A SaaS policy rule recommendation is a request from the SaaS administrator to the firewall administrator for specific SaaS policy enforcement. Such collaboration is designed to increase your organization’s security posture.
As you collaborate on SaaS policy rule recommendations, adhere to the following workflow guidelines:
  • Collaborate on policy rule authoring
    —Product integration enables collaboration, but it is not intended to replace communication. Because a firewall administrator understands all the intricacies of Security policy and your organization’s rulebase, the integration gives the firewall administrator complete control and flexibility to override any SaaS administrator’s SaaS policy rule recommendation. Although a SaaS administrator can recommend Security policy rules, the actual Security policy rule that the firewall administrator creates determines enforcement, and that rule is not displayed in the SaaS Security Inline web interface. However, collaboration works best when both administrators operate as if the SaaS side is the source of truth.
  • Collaborate on policy rule management
    —SaaS policy rule recommendations might require changes, either to improve the rule or to resolve an error. In such cases, the firewall administrator should not delete the SaaS policy rule recommendation, nor the Security policy rule on which it is based; rather, the firewall administrator asks the SaaS administrator to modify the existing recommendation, or to delete it and create a new one with the agreed-upon changes, so that the two interfaces stay in sync.
  • Collaborate daily
    —The sooner your policy rule recommendations are active, the sooner your organization prevents risky SaaS application usage. It is recommended that firewall administrators check and implement policy rule recommendations daily. If the firewall administrator did not import a SaaS policy rule recommendation, the recommendation might not be in good order, and the SaaS administrator must promptly coordinate with the firewall administrator to modify it.

Guidelines for SaaS Policy Rule Recommendation Authoring

It’s important for SaaS administrators to help firewall administrators keep the rulebase manageable (avoiding shadow rules and conflicting rules) by creating SaaS security rule recommendations that are narrowly targeted. Before you create your SaaS security rule recommendations, adhere to the following authoring guidelines to produce policy rule recommendations that meet your organization’s unique security needs:
  • Wait for the data
    —Wait for SaaS Security Inline to display 7 business days of analytics, then analyze and view the discovered SaaS apps.
  • Research user behavior
    —Reach out to your users to find out why and how they use specific SaaS apps, and if they have business reasons for doing so.
  • Determine risk tolerance
    —Each organization has its own risk tolerance. Understand and identify your organization’s risk tolerance and existing compliance agreements.
  • Assess SaaS app compliance
    —Assess the compliance attributes for the SaaS apps your users use based on your organization’s risk tolerance and existing compliance agreements. Define custom risk scores, if necessary, to represent how your company perceives the risk of individual SaaS apps.
  • Categorize your SaaS apps
    —Tag sanctioned, unsanctioned, and tolerated SaaS apps based on your organization’s business, risk tolerance, and compliance and contract obligations.