Security News

Today, most security and IT teams understand the shared responsibility model, in which the SaaS vendor is responsible for securing the application, while the organization is responsible for securing their data. SaaS data breaches and SaaS ransomware attacks can lead to the loss or public exposure of that data.

Wing Security recently announced that it is making its SaaS application discovery engine available as a free, self-service product. The risks associated with SaaS Shadow IT have become more prevalent in recent years due to the widespread use of SaaS within organizations.

The move to SaaS and other cloud tools has put an emphasis on Identity & Access Management. The scope of identity fabric includes any human, machine, or application that is granted access to your applications and data.

The attack ended when security teams were able to terminate user access, although data which had already been downloaded remained in the threat actor's hands. SaaS user permissions allow app owners to limit a user's resources and actions based on the user's role.

SaaS applications are often multi-tenanted, so your applications need to be secure against attacks where one customer could access the data of another customer, such as logic flaws, injection flaws, or access control weaknesses. Security testing with an automated vulnerability scanner in combination with regular pentesting can help you design and build secure web applications by integrating with your existing environment, catching vulnerabilities as they're introduced throughout the development cycle.

Security teams should onboard a SaaS Security Posture Management solution, like Adaptive Shield, that provides full visibility and control across a critical mass of SaaS apps in the SaaS stack. Security teams should be able to use the solution to gain context into security alerts and gain answers to questions like: Which users are subject to a certain misconfiguration? Are they admins? Is their MFA enabled? By having these answers at their fingertips, security teams can enforce company and industry policies to remediate potential risks from any misconfiguration.

In this Help Net Security video, Uri Haramati, CEO at Torii, talks about how it's impossible for IT to take full ownership or responsibility for managing cloud apps today. Instead, SaaS management is a team sport-but not all the players know they're on a team.

Every SaaS app user and login is a potential threat; whether it's bad actors or potential disgruntled former associates, identity management and access control is crucial to prevent unwanted or mistaken entrances to the organization's data and systems. Identity and Access Management solutions administer user identities and control access to enterprise resources and applications.

Many organizations use a Sandbox for their SaaS apps - to test changes without disrupting the production SaaS app or even to connect new apps. The same security concepts are used when creating a SaaS Sandbox - it duplicates the main instance of SaaS including its data.

It's been a year since the release of The Ultimate SaaS Security Posture Management Checklist. SaaS apps are dynamicand ever-evolving - apps' settings need to be modified on a continuous basis from security updates and app feature enhancements to employees added or removed, and user roles and permissions set, reset, updated, etc.