By Yoni Shohet, CEO and Co-Founder of Valence Security
SaaS-to-SaaS integrations are an inherent part of modern software-as-a-service use in business, and the adoption of third-party services is scaling rapidly to adapt. Malicious actors aren't lagging behind. They realize the lucrative benefits of leveraging these integrations to steal, leak, or abuse organizational assets.
Traditional third-party risk management (TPRM) solutions were introduced to help streamline and automate compliance processes. Recent supply chain breaches, such as the malicious third-party OAuth token abuse that affected GitHub customers, show how threats grow while SaaS use scales, making it imperative for business requirements around third-party risk evaluation and management to shift. The cybersecurity community's approach to these risks must shift accordingly.