Security News

"In today's economic reality, security budgets have not necessarily been cut down, but buyers are far more careful in their purchasing decisions and rightfully so. We believe that you cannot secure what you do not know, so knowing should be a basic commodity. Once you understand the magnitude of your SaaS attack layer, you can make an educated decision as to how you are going to solve it. Discovery is the natural and basic first step and it should be accessible to anyone." said Galit Lubetzky Sharon, Wing's Co-Founder and CTO. The company reported that within the first few weeks of launching, over 200 companies enrolled in their self-service free discovery tool, adding to the company's existing customer base. The challenge is that SaaS applications are often onboarded by employees without involving IT or security teams.

While these SaaS-to-SaaS connections provide enhanced features that boost workflow efficiency, they also give permission for apps to read, update, create, delete, or otherwise engage with corporate and personal data. In its report, Adaptive Shield identifies how many SaaS apps are being connected to the core SaaS stack, specifically Microsoft 365 and Google Workspace and business-critical apps such as Salesforce and Slack, the types of permissions being granted to these applications, and the risk level these apps present.

Are you prepared to tackle the top SaaS challenges of 2023? With high-profile data breaches affecting major companies like Nissan and Slack, it's clear that SaaS apps are a prime target for cyberattacks. Join us for an upcoming webinar that will equip you with the insights you need to overcome the top SaaS challenges of 2023.

Gartner forecasts a 16.8% growth for SaaS in 2023 as companies - including SMBs - add new SaaS platforms to their IT stack. Too often we find SMBs think security is all in the hands of the SaaS provider, when in fact the SaaS customer is always responsible for their data and their users.

While zero trust can be an effective approach to security, it can also present some challenges, particularly when it comes to implementing it for software as a service due to the fast pace of its adoption, distributed ownership of SaaS applications across organizations, and the shared responsibility model between a SaaS vendor and a customer. The traditional approach to SaaS security challenges has been to use a cloud access security broker and/or identity provider to manage access to SaaS applications.

Today, most security and IT teams understand the shared responsibility model, in which the SaaS vendor is responsible for securing the application, while the organization is responsible for securing their data. SaaS data breaches and SaaS ransomware attacks can lead to the loss or public exposure of that data.

Wing Security recently announced that it is making its SaaS application discovery engine available as a free, self-service product. The risks associated with SaaS Shadow IT have become more prevalent in recent years due to the widespread use of SaaS within organizations.

The move to SaaS and other cloud tools has put an emphasis on Identity & Access Management. The scope of identity fabric includes any human, machine, or application that is granted access to your applications and data.

The attack ended when security teams were able to terminate user access, although data which had already been downloaded remained in the threat actor's hands. SaaS user permissions allow app owners to limit a user's resources and actions based on the user's role.

SaaS applications are often multi-tenanted, so your applications need to be secure against attacks where one customer could access the data of another customer, such as logic flaws, injection flaws, or access control weaknesses. Security testing with an automated vulnerability scanner in combination with regular pentesting can help you design and build secure web applications by integrating with your existing environment, catching vulnerabilities as they're introduced throughout the development cycle.