Guidelines for SaaS Policy Rule Recommendations

Learn about the guidelines for effective collaboration between network administrator and SaaS administrator on policy rule management.
Before you create SaaS policy rule recommendations, consider the following guidelines for effective workflow and rulebase management, starting with collaboration, followed by authoring.

Guidelines for SaaS Policy Collaboration

SaaS security is a team effort. In most large organizations, the administrator who authors SaaS policy rule recommendations is distinct from the administrator who has the authority to import and commit those rule recommendations to Security policy—each contributor playing a unique role in security. Your platform provides the unique role permissions to enforce your organization’s workflows.
SaaS Security Inline tightly integrates with your Palo Alto Networks firewall or Prisma Access and uses SaaS policy rule recommendations to facilitate a seamless workflow between your organization’s SaaS administrator and firewall administrator or Prisma Access administrator. A SaaS policy rule recommendation is a request from the SaaS administrator to the firewall administrator or Prisma Access administrator for specific SaaS policy enforcement. Such collaboration is designed to increase your organization’s security posture.
As you collaborate on SaaS policy rule recommendations, adhere to the following workflow guidelines:
  • Collaborate on policy rule authoring—Product integration enables collaboration, but is not intended to replace communication. Because a firewall administrator or Prisma Access administrator understands all the intricacies of Security policy and your organization’s rulebase, the integration provides the firewall administrator or Prisma Access administrator complete control and flexibility to override any SaaS administrator’s SaaS policy rule recommendation. Although a SaaS administrator can recommend Security policy rules, the actual rule that the firewall administrator or Prisma Access administrator creates determines enforcement and is not displayed in the SaaS Security Inline web interface. However, collaboration works best when both administrators operate as if the SaaS side is the source of truth.
  • Collaborate on policy rule management—SaaS policy rule recommendations might require changes, either to improve the rule or to resolve an error. In such cases, firewall administrators or Prisma Access administrators do not delete the SaaS policy rule recommendations, nor the Security policies on which the SaaS policy rule recommendations are based; rather, the firewall administrator or Prisma Access administrator asks the SaaS administrator to modify the existing recommendation or delete and create a new rule with the agreed upon changes to keep the interfaces in sync.
  • Collaborate daily—The sooner your policy rule recommendations are active, the sooner your organization will prevent risky SaaS application usage. It is recommended that firewall administrators or Prisma Access administrators check and implement policy rule recommendations daily. If the firewall administrator or Prisma Access administrator did not import a SaaS policy rule recommendation, the recommendation might not be in good order, and the SaaS administrator must promptly coordinate with the network administrator to modify the recommendation.

Guidelines for SaaS Policy Rule Recommendation Authoring

It’s important for SaaS administrators to help firewall administrators or Prisma Access administrators keep the rulebase manageable (avoid shadow rules or conflicting rules) by creating SaaS policy rule recommendations that are targeted. Before you create your SaaS policy rule recommendations, adhere to the following authoring guidelines to achieve SaaS policy rule recommendations that meet your organization’s unique security needs:
  • Wait for the data—Wait for SaaS Security Inline to display 7 business days of analytics, then analyze and view the discovered SaaS apps.
  • Research user behavior—Reach out to your users to find out why and how they use specific SaaS apps, and if they have business reasons for doing so.
  • Determine risk tolerance—Each organization has its own risk tolerance. Understand and identify your organization’s risk tolerance and existing compliance agreements.
  • Assess SaaS app compliance—Assess the compliance attributes for the SaaS apps your users use based on your organization’s risk tolerance and existing compliance agreements. Define custom risk scores, if necessary, to represent how your company perceives the risk of individual SaaS apps.
  • Categorize your SaaS apps—Tag sanctioned, unsanctioned, and tolerated SaaS apps based on your organization’s business, risk tolerance, and compliance and contract obligations.
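The authoring steps above can be walked through end to end with a small script. The following Python sketch is an added example, not code from SaaS Security Inline and not its data model or API: the app records, the risk tolerance of 5, the required compliance attributes, and the tagging rule (sanctioned only when risk and compliance are both acceptable, tolerated when users have a business reason, unsanctioned otherwise) are all constructed assumptions. It refuses to draft recommendations before 7 business days of analytics exist, tags each discovered app, emits one targeted recommendation per tag, and checks an ordered rulebase for the shadowed and conflicting rules the guideline warns about.

```python
"""Hypothetical helper for drafting targeted SaaS policy rule recommendations.

Illustration of the authoring guidelines only. The app records, thresholds and
compliance attributes are constructed, and nothing here is SaaS Security
Inline's data model or API.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import FrozenSet, List, Tuple


@dataclass(frozen=True)
class SaaSApp:
    name: str
    risk_score: int                 # 1 (lowest) to 10 (highest); may be a custom score
    compliance: FrozenSet[str]      # compliance attributes the app is assessed to meet
    business_justified: bool        # outcome of asking users why they use the app


# Constructed sample of discovered apps, as a SaaS admin might summarize them.
SAMPLE_APPS = [
    SaaSApp("FileShareX", 8, frozenset({"SOC2"}), False),
    SaaSApp("DocsCo", 3, frozenset({"SOC2", "GDPR"}), True),
    SaaSApp("ChatNow", 6, frozenset({"SOC2", "GDPR"}), True),
    SaaSApp("NotesApp", 2, frozenset({"SOC2"}), True),
]


def business_days(start: date, end: date) -> int:
    """Count weekdays (Mon-Fri) in the half-open range [start, end)."""
    count, day = 0, start
    while day < end:
        if day.weekday() < 5:
            count += 1
        day += timedelta(days=1)
    return count


def enough_data(first_seen: date, today: date, minimum: int = 7) -> bool:
    """'Wait for the data': require at least `minimum` business days of analytics."""
    return business_days(first_seen, today) >= minimum


def categorize(app: SaaSApp, risk_tolerance: int, required: FrozenSet[str]) -> str:
    """Assumed tagging policy: sanctioned only when both risk and compliance are
    acceptable; tolerated when a business reason exists; otherwise unsanctioned."""
    within_tolerance = app.risk_score <= risk_tolerance
    compliant = required <= app.compliance
    if within_tolerance and compliant:
        return "sanctioned"
    if app.business_justified:
        return "tolerated"
    return "unsanctioned"


Rule = Tuple[str, FrozenSet[str]]   # (action, set of app names)


def draft_recommendations(apps, first_seen, today, risk_tolerance, required) -> List[Rule]:
    """Produce one targeted recommendation per tag. Sanctioned apps need no rule;
    the firewall or Prisma Access administrator still decides the final rule."""
    if not enough_data(first_seen, today):
        raise ValueError("fewer than 7 business days of analytics; do not author yet")
    tags = {app.name: categorize(app, risk_tolerance, required) for app in apps}
    return [
        ("block", frozenset(n for n, t in tags.items() if t == "unsanctioned")),
        ("alert", frozenset(n for n, t in tags.items() if t == "tolerated")),
    ]


def find_rulebase_issues(rules: List[Rule]) -> List[Tuple[int, str, int]]:
    """Flag shadowed rules (a later rule whose apps are all matched by an earlier
    rule) and conflicts (overlapping apps, different actions) in an ordered rulebase."""
    issues = []
    for j, (action_j, apps_j) in enumerate(rules):
        for i in range(j):
            action_i, apps_i = rules[i]
            if apps_j and apps_j <= apps_i:
                issues.append((j, "shadowed by", i))
            elif apps_i & apps_j and action_i != action_j:
                issues.append((j, "conflicts with", i))
    return issues


if __name__ == "__main__":
    recs = draft_recommendations(SAMPLE_APPS, date(2024, 1, 1), date(2024, 1, 10),
                                 risk_tolerance=5, required=frozenset({"SOC2", "GDPR"}))
    for action, apps in recs:
        print(action, sorted(apps))
    # Appending a narrower duplicate of an existing rule shows the shadow check.
    print(find_rulebase_issues(recs + [("block", frozenset({"NotesApp"}))]))
```

The shadow check models only app membership and action order; a real Security policy rule also matches on zones, users, and other fields, which is exactly why the firewall or Prisma Access administrator keeps final control over the rule that is committed.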