Security News > 2023 > February > Security teams have no control over risky SaaS-to-SaaS connections
While these SaaS-to-SaaS connections provide enhanced features that boost workflow efficiency, they also give permission for apps to read, update, create, delete, or otherwise engage with corporate and personal data.
In its report, Adaptive Shield identifies how many SaaS apps are being connected to the core SaaS stack, specifically Microsoft 365 and Google Workspace and business-critical apps such as Salesforce and Slack, the types of permissions being granted to these applications, and the risk level these apps present.
For the companies using Google Workspace, that figure jumps to an average of 13,913 connected apps for 10,000 - 20,000 SaaS users.
While the risk level for permissions varies from one app to the next, researchers found that 39% of apps connected to Microsoft 365 and 10% to Google Workspace have 'high-risk' permission access.
"The simple app-to-app connectivity that makes SaaS apps vital productivity tools also makes them significantly dangerous," said Maor Bin, CEO of Adaptive Shield.
"While it's clearly unrealistic to expect businesses to curb their reliance on SaaS apps, they cannot allow this adoption to go unchecked. To eliminate these risks companies must develop policies for integrating apps, prioritize employee training, and deploy monitoring solutions that help over-taxed security teams identify and eliminate high-risk permission sets before it's too late."
News URL
https://www.helpnetsecurity.com/2023/02/28/saas-to-saas-connections-risks/
Related news
- Obsidian Security Warns of Rising SaaS Threats to Enterprises (source)
- SOC teams are frustrated with their security tools (source)
- Social Media Accounts: The Weak Link in Organizational SaaS Security (source)
- Week in review: Microsoft fixes two exploited zero-days, SOC teams are losing trust in security tools (source)
- 5 Ways to Reduce SaaS Security Risks (source)
- Top 5 Cloud Security Automations for SecOps Teams (source)
- Microsoft Ignite 2024 Unveils Groundbreaking AI, Security, and Teams Innovations (source)