Security News > 2022 > May > The SaaS-to-SaaS supply chain is a wild, wild mess
Employees in the digital transformation age are now compelled to choose their best-of-breed applications, independently adopting and connecting SaaS applications, no/low code platforms like Workato and Zapier, and SaaS marketplace third-party apps in order to increase productivity, creating a convoluted web of ever-growing app-to-app integrations.
These solutions provided value for their original purpose, but the SaaS-to-SaaS supply chain today thrives on application integration, non-human identities and app-to-app connectivity - leaving out the human element in order to streamline and automate work processes.
The SaaS-to-SaaS supply chain continues to grow uninhibited, without alerting security teams on new risks and connections created by non-human identities that cannot be resolved using traditional security controls designed for human-to-app interactions.
The number of supply chain attacks via third-party vendors has skyrocketed over the past few years, as malicious actors leverage non-human identities to gain unauthorized access to business applications.
The SaaS-to-SaaS supply chain with its unique characteristics is prone not only to third-party breaches, but also to various other ways by which malicious actors may leverage it as an attack vector.
Security teams must gain more visibility and control by bolstering their collaboration with business application teams, decentralized owners, citizen developers and end users to ensure the secure growth of the SaaS-to-SaaS supply chain and enhance innovation, increase productivity, and enable organizations to reap the benefits of their digital transformation journey.
News URL
https://www.helpnetsecurity.com/2022/05/13/saas-to-saas-supply-chain/