Security News
The paradox lies in the fact that it's the security team's responsibility to secure the organization's SaaS app stack and they cannot effectively execute this task without full control of the SaaS app. While the security and IT teams are reported to be the main destination for SaaS app management, it's the 40% of business departments also taking part and having full access that complicates the threat landscape.
SaaS services are highly valuable targets as data is now being stored in the different apps and services. In this Help Net Security video, Yoav Kalati, Head of Threat Intelligence at Wing Security, illustrates how it's no surprise that SaaS security is failing.
The challenge in remediating the threats posed by endpoints and devices lies in the ability to correlate SaaS app users, their roles, and permissions with their associated devices' compliance and integrity levels. This is not a simple feat; automated SaaS Security Posture Management solutions, like Adaptive Shield, can now provide visibility that correlates the SaaS user and their associated devices with the device's hygiene score.
There are three main challenges that have arisen stemming from this evolution: While SaaS apps include a host of native security settings, they need to be hardened by the security team of the organization. Employees are granting 3rd party app access to core SaaS apps that pose potential threats to the company.
When it comes to keeping SaaS stacks secure, IT and security teams need to be able to streamline the detection and remediation of misconfigurations in order to best protect their SaaS stack from threats. While companies adopt more and more apps, their increase in SaaS security tools and staff has lagged behind, as found in the 2022 SaaS Security Survey Report.
SaaS applications have become synonymous with modern business environments, and CISOs and security teams struggle to find a happy medium between ensuring the security of their SaaS portfolio and empowering the organization's streamlined business workflows and productivity. In recent conversations with leading CISOs in the global market, including Frank Kim, fellow and former CSO at the SANS Institute; Sounil Yu, CSO at JupiterOne; Ray Espinoza, VP Cloud Security at Medallia; Leon Ravenna, CISO at KAR Global; Alex Manea, CISO at Georgian; and Tim Fitzgerald, CISO at Arm, we took a deep dive into the CISO perspective on SaaS challenges, security pitfalls, and actionable tips for successful SaaS management and for avoiding the dreaded "Death by 1000 apps."
SaaS sprawl grows with the number of applications an organization uses in its SaaS stack, and as information in the different applications is distributed, it becomes less and less centralized, resulting in data sprawl. The ubiquity of SaaS applications means that they encourage shadow SaaS. Neither new nor unusual, this activity allows employees to take advantage of available SaaS solutions that meet their own specific needs in a way they feel is not being met by the organization.
The 2022 SaaS Security Survey Report, in collaboration with CSA, examines the state of SaaS security as seen in the eyes of CISOs and security professionals in today's enterprises. The report gathers anonymous responses from 340 CSA members to examine not only the growing risks in SaaS security but also how different organizations are currently working to secure themselves.
Employees in the digital transformation age are now compelled to choose their best-of-breed applications, independently adopting and connecting SaaS applications, no/low code platforms like Workato and Zapier, and SaaS marketplace third-party apps in order to increase productivity, creating a convoluted web of ever-growing app-to-app integrations. These solutions provided value for their original purpose, but the SaaS-to-SaaS supply chain today thrives on application integration, non-human identities and app-to-app connectivity - leaving out the human element in order to streamline and automate work processes.
Torii announced a report revealing that 69% of tech executives believe shadow IT is a top concern related to SaaS - or cloud application - adoption. The majority of respondents have made exceptions to their SaaS security protocols, with 80% doing so because the applications were adopted outside IT's purview.