Security News
The move to SaaS and other cloud tools has put an emphasis on Identity & Access Management. The scope of identity fabric includes any human, machine, or application that is granted access to your applications and data.
The attack ended when security teams were able to terminate user access, although data which had already been downloaded remained in the threat actor's hands. SaaS user permissions allow app owners to limit a user's resources and actions based on the user's role.
SaaS applications are often multi-tenanted, so your applications need to be secure against attacks where one customer could access the data of another customer, such as logic flaws, injection flaws, or access control weaknesses. Security testing with an automated vulnerability scanner in combination with regular pentesting can help you design and build secure web applications by integrating with your existing environment, catching vulnerabilities as they're introduced throughout the development cycle.
Security teams should onboard a SaaS Security Posture Management solution, like Adaptive Shield, that provides full visibility and control across a critical mass of SaaS apps in the SaaS stack. Security teams should be able to use the solution to gain context into security alerts and gain answers to questions like: Which users are subject to a certain misconfiguration? Are they admins? Is their MFA enabled? By having these answers at their fingertips, security teams can enforce company and industry policies to remediate potential risks from any misconfiguration.
In this Help Net Security video, Uri Haramati, CEO at Torii, talks about how it's impossible for IT to take full ownership or responsibility for managing cloud apps today. Instead, SaaS management is a team sport-but not all the players know they're on a team.
Every SaaS app user and login is a potential threat; whether it's bad actors or potential disgruntled former associates, identity management and access control is crucial to prevent unwanted or mistaken entrances to the organization's data and systems. Identity and Access Management solutions administer user identities and control access to enterprise resources and applications.
Many organizations use a Sandbox for their SaaS apps - to test changes without disrupting the production SaaS app or even to connect new apps. The same security concepts are used when creating a SaaS Sandbox - it duplicates the main instance of SaaS including its data.
It's been a year since the release of The Ultimate SaaS Security Posture Management Checklist. SaaS apps are dynamicand ever-evolving - apps' settings need to be modified on a continuous basis from security updates and app feature enhancements to employees added or removed, and user roles and permissions set, reset, updated, etc.
A new research study focused on SaaS usage among enterprises across the USA, UK, and Europe, highlights a striking difference between consumption and security of SaaS applications. The majority of respondents reported more than half of their applications are now SaaS-based, and 70% of organizations in the UK reported spending more on SaaS applications today than a year ago.
Threat actors are increasingly abusing legitimate software-as-a-service platforms like website builders and personal branding spaces to create malicious phishing websites that steal login credentials. Because SaaS platforms simplify and streamline the process of creating new sites, phishing actors can easily switch to different themes, scale up or diversify their operations, and quickly respond to reports and takedowns.