Security News
Critical gaps in existing solutions' capabilities, security architecture that doesn't recognize the browser as a prominent, standalone attack surface, and low resilience to web-borne threats are among the findings of a global survey by LayerX. 150 CISOs across multiple geographies and verticals were polled about their security practices across various disciplines that ultimately come down to securing users, data, and applications within the browser: secure SaaS access, SaaS security and data protection, BYOD, phishing protection, and browser security posture. Respondents' answers were classified according to their architecture: all-SaaS, hybrid, and mostly on-prem, showing how the relative importance of the browser increases with the level of the organization's SaaS adoption.
According to this review, 84% of the companies had employees using an average of 3.5 SaaS applications that were breached in the previous 3 months. The exponential growth in SaaS usage has security and IT teams struggling to keep up with which SaaS applications are being used and how.
According to Statista, the average organization employs 100+ SaaS apps, many of which are unsanctioned by IT, creating a glaring gap in SaaS security. Rather than approaching Security or IT to understand policies for onboarding new SaaS solutions - and facing the likelihood of red tape, delays, or denial for their requests - employees break out the credit card or opt for a 30-day free trial of the SaaS apps.
There are essentially two ways to share files and documents out of a SaaS application, although the terminology used by M365, Salesforce, Google Workspace, and Box is slightly different. Sharing a file with anyone who has the link is much less cumbersome.
While SSO is an important step in securing SaaS apps and their data, having just SSO in place to secure the SaaS stack in its entirety is not enough. SSO alone won't prevent a threat actor from accessing a SaaS app.
Employees don't realize that this SaaS-to-SaaS connectivity, which typically takes place outside the view of the security team, significantly increases risk. To handle the SaaS security challenges, security teams need to address the entire SaaS ecosystem.
While NIST hasn't directly developed standards related to securing the SaaS ecosystem, they are instrumental in the way we approach SaaS security. They need to integrate seamlessly with SaaS applications and provide coverage for the entire SaaS stack.
"In today's economic reality, security budgets have not necessarily been cut down, but buyers are far more careful in their purchasing decisions and rightfully so. We believe that you cannot secure what you do not know, so knowing should be a basic commodity. Once you understand the magnitude of your SaaS attack layer, you can make an educated decision as to how you are going to solve it. Discovery is the natural and basic first step and it should be accessible to anyone," said Galit Lubetzky Sharon, Wing's Co-Founder and CTO. The company reported that within the first few weeks of launching, over 200 companies enrolled in their self-service free discovery tool, adding to the company's existing customer base. The challenge is that SaaS applications are often onboarded by employees without involving IT or security teams.
While these SaaS-to-SaaS connections provide enhanced features that boost workflow efficiency, they also give permission for apps to read, update, create, delete, or otherwise engage with corporate and personal data. In its report, Adaptive Shield identifies how many SaaS apps are being connected to the core SaaS stack, specifically Microsoft 365 and Google Workspace and business-critical apps such as Salesforce and Slack, the types of permissions being granted to these applications, and the risk level these apps present.
Are you prepared to tackle the top SaaS challenges of 2023? With high-profile data breaches affecting major companies like Nissan and Slack, it's clear that SaaS apps are a prime target for cyberattacks. Join us for an upcoming webinar that will equip you with the insights you need to overcome the top SaaS challenges of 2023.