Druva has been evolving and improving its platform security since its inception and has sought ways to improve automation and visibility for security controls. Understanding the types of security controls put in place across the Druva platform will not only help you understand our focus on security but may help you re-evaluate the controls in place with other SaaS platforms and IT applications.
Given the business-critical nature of data under management, Druva seeks to make security intuitive and easy and to simplify the task of managing administrators. This blog explores our ongoing efforts to enhance security, focusing on password hygiene, admin MFA visibility, inactive account management, SSO login improvements, and global oversight of admin account operations.
Stringent Password Hygiene
Password hygiene has become increasingly critical in today’s digital landscape given the abundance of leaked credentials on the internet. Druva enforces strong password policies for its platform. Every administrator account must adhere to rules mandating minimum password lengths, complexity (e.g., uppercase/lowercase letters, symbols, and numbers), and periodic resets to prevent credential reuse. Make sure every application in your enterprise has not only strong password requirements but also other controls such as periodic resets.
Visibility into Admin MFA Configuration
Multifactor authentication (MFA) is one of the most effective ways to safeguard admin accounts from unauthorized access. Yet, ensuring its universal adoption across administrator accounts can be challenging.
To address this, Druva introduced a filter to provide cloud administrators visibility into the MFA configuration status of all accounts. This feature makes it easy to monitor which admins have configured MFA and helps in ensuring compliance.
With a recent update, Druva enabled MFA for all administrator accounts, achieving an impressive 98% adoption rate, and securing these accounts further, against credential theft attacks.
Druva also supports Single Sign On (SSO) using 3rd party Identity Providers (IdP) (Okta, Ping, and others can be found on our security integrations webpage).
A best practice to consider when configuring Druva Data Security Cloud administrative access is to run your primary administrator account via your company SSO IdP, and a secondary administrator account that uses a separate MFA (i.e., Druva’s) in case of SSO compromise access to the DCP can still be established.
Mitigating Risks with Administrator Lifecycle Management
Inactive administrator accounts are a major risk vector for any business-critical application. These accounts, if left unchecked, can widen your attack surface by giving cybercriminals more opportunities to gain access.
When Druva discovered that multiple accounts had a large number of inactive administrators on the platform, we decided to put more controls in place. We implemented automated admin lifecycle policies, which govern the creation, monitoring, and deactivation of admin accounts. Through a system-wide clean-up process, Druva prompted customers to eliminate inactive administrators and subsequently eliminated a significant percentage of the accounts, drastically reducing the attack surface across customer accounts and ensuring that only active and authorized personnel retain access to critical administrative functionalities.
Additional Security Layers for Break-Glass Logins
Protecting data requires advanced security measures, especially when it comes to accessing your Druva tenant through break-glass or failsafe accounts. To bolster security in such scenarios, Druva has implemented an additional layer of protection to safeguard your tenant from unauthorized access.
If an administrator needs to log in using a break-glass account, they must first create a formal request with Druva Support. This proactive approach ensures all access requests are thoroughly authenticated. Once verified, Druva Support temporarily enables the failsafe login option and guides the administrator through the secure login process.
What sets this process apart is the comprehensive vetting and auditing involved. Every failsafe login is diligently reviewed by Druva Support to confirm its necessity and validity. These stringent protocols don’t just enhance security—they also ensure a clear audit trail, providing organizations with greater peace of mind and compliance with security best practices.
Global Visibility into Admin Operations
During security incidents, it’s critical to know the full history of all admin-related activities, such as the creation or deletion of other administrator accounts. Without visibility into these operations, teams may fail to act promptly against attacks.
To address this, Druva introduced a notification system that sends alerts via email to all Druva Cloud Platform (DCP) administrators whenever administrator accounts are added or removed. This simple but effective measure ensures complete visibility into potentially unauthorized actions and facilitates faster incident response.
All API calls and administrative-level actions performed in the DCP are logged, these logs are protected from deletion and stored indefinitely by the DCP.
Enhanced Monitoring by Leveraging APIs
Centralizing critical activity monitoring is essential for maintaining robust security and compliance. By leveraging API-driven event management, Druva enables customers to push all tenant access and configuration settings events to a centralized location. This approach ensures complete visibility and tracking of key activities, significantly reducing the risk of overlooked events.
Beyond enhancing security and auditability, API integration empowers businesses to seamlessly connect with their existing security and monitoring tools. Customers can automate workflows, enabling quicker, more efficient responses to operational needs. Additionally, the flexibility to build custom integrations tailored to specific requirements provides organizations with a scalable solution that meets unique objectives while streamlining operations. With API-driven event management, businesses not only strengthen their defenses but also boost their efficiency and adaptability.
Backed by AWS Cognito for Seamless Management
At the core of Druva’s security capabilities lies its integration with AWS Cognito, a powerful tool enabling simplified user authentication and management. Here’s how AWS Cognito enhances Druva’s platform security:
Simplified and secure user authentication: Druva seamlessly integrates with SSO solutions and identity providers (IdPs) through SAML, OAuth, and OpenID Connect protocols.
Centralized user management: Administrators benefit from centralized user directories, automated provisioning through enterprise IdPs, and Role-Based Access Control (RBAC) capabilities to assign permissions effectively.
Compliance and monitoring: Druva keeps customers ahead of regulatory requirements like GDPR, HIPAA, and SOC 2 while enabling event tracking through AWS CloudTrail for better security monitoring.
Improved end-user experience: With support for federated (corporate) logins and self-service account recovery, end-users enjoy a seamless, secure authentication process.
Future-Proofing Platform Security
At Druva, helping customers secure their data is a never-ending mission. While the platform continues to evolve and adapt, these measures demonstrate Druva’s commitment to staying one step ahead of emerging threats. For detailed information on the security enhancements that we release almost every month, check out our product documentation.
The measures outlined above directly contribute to reducing risk and improving operational efficiency for Druva’s customers. Some key outcomes include:
Significant reduction in administrator count: By purging inactive administrators, Druva significantly reduced the attack surface, making it harder for cybercriminals to find entry points.
98% MFA adoption rate: Mandatory MFA ensures administrator accounts are equipped with multiple layers of security to counter credential attacks.
Proactive monitoring with notifications: Alerts for admin account changes boost transparency, helping customers quickly identify and mitigate unauthorized activities.
The evolving landscape of security threats demands vigilance and proactive improvement in every enterprise. Take a cue from Druva’s approach and evaluate the security measures within your organization and across your SaaS applications.
Curious to see how Druva can elevate your data security game? Experience it for yourself with our free trial!