Security News
While SSO is an important step in securing SaaS apps and their data, having just SSOs in place to secure the SaaS stack in its entirety is not enough. SSO alone won't prevent a threat actor from accessing a SaaS app.
Employees don't realize that this SaaS-to-SaaS connectivity, which typically takes place outside the view of the security team, significantly increases risk. To handle the SaaS Security challenges, security teams need to address the entire SaaS ecosystem.
While NIST hasn't directly developed standards related to securing the SaaS ecosystem, they are instrumental in the way we approach SaaS security. They need to integrate seamlessly with SaaS applications and provide coverage for the entire SaaS stack.
"In today's economic reality, security budgets have not necessarily been cut down, but buyers are far more careful in their purchasing decisions and rightfully so. We believe that you cannot secure what you do not know, so knowing should be a basic commodity. Once you understand the magnitude of your SaaS attack layer, you can make an educated decision as to how you are going to solve it. Discovery is the natural and basic first step and it should be accessible to anyone." said Galit Lubetzky Sharon, Wing's Co-Founder and CTO. The company reported that within the first few weeks of launching, over 200 companies enrolled in their self-service free discovery tool, adding to the company's existing customer base. The challenge is that SaaS applications are often onboarded by employees without involving IT or security teams.
While these SaaS-to-SaaS connections provide enhanced features that boost workflow efficiency, they also give permission for apps to read, update, create, delete, or otherwise engage with corporate and personal data. In its report, Adaptive Shield identifies how many SaaS apps are being connected to the core SaaS stack, specifically Microsoft 365 and Google Workspace and business-critical apps such as Salesforce and Slack, the types of permissions being granted to these applications, and the risk level these apps present.
Are you prepared to tackle the top SaaS challenges of 2023? With high-profile data breaches affecting major companies like Nissan and Slack, it's clear that SaaS apps are a prime target for cyberattacks. Join us for an upcoming webinar that will equip you with the insights you need to overcome the top SaaS challenges of 2023.
Gartner forecasts a 16.8% growth for SaaS in 2023 as companies - including SMBs - add new SaaS platforms to their IT stack. Too often we find SMBs think security is all in the hands of the SaaS provider, when in fact the SaaS customer is always responsible for their data and their users.
While zero trust can be an effective approach to security, it can also present some challenges, particularly when it comes to implementing it for software as a service due to the fast pace of its adoption, distributed ownership of SaaS applications across organizations, and the shared responsibility model between a SaaS vendor and a customer. The traditional approach to SaaS security challenges has been to use a cloud access security broker and/or identity provider to manage access to SaaS applications.
Today, most security and IT teams understand the shared responsibility model, in which the SaaS vendor is responsible for securing the application, while the organization is responsible for securing their data. SaaS data breaches and SaaS ransomware attacks can lead to the loss or public exposure of that data.
Wing Security recently announced that it is making its SaaS application discovery engine available as a free, self-service product. The risks associated with SaaS Shadow IT have become more prevalent in recent years due to the widespread use of SaaS within organizations.