Securing the adoption and use of non-human identities is probably the most overlooked element in most organizations' cybersecurity strategy today. Most organizations' SaaS security strategy focuses almost exclusively on human-to-SaaS interactions, and their security stacks, dominated by Cloud Access Security Brokers (CASBs), SaaS Security Posture Management (SSPM) solutions, and Identity Providers (IdPs), reflect this. The focus is natural, since human users are the most visible.
Unfortunately, shadow non-human identities and SaaS integrations typically remain hidden, unmanaged, and ripe for exploitation. Even the Third Party Risk Management (TPRM) solutions adopted to assess the security posture of third-party SaaS vendors have no visibility into those vendors' integrations with core SaaS services, and so miss critical usage context.
The mass adoption of SaaS services and third-party integrations such as OAuth apps, APIs and low/no-code workflows, accelerated by the shift to remote work, the increased business need for distributed, global collaboration, and rapid, unmanaged adoption of SaaS by employees, has exposed organizations to potentially devastating SaaS supply chain attacks.
Such breaches are potentially more extensive than a direct attack on a single SaaS application or user account, since attackers can compromise not only the targeted SaaS account and its stored data but also every account or data repository integrated with the breached account.
Four growing problems all add to most organizations' exposure to such SaaS supply chain breaches: over-privileged API integrations, ungoverned hyper-automation workflows, the onboarding of unauthorized SaaS vendors, and unused SaaS integrations that have never been properly offboarded.
The result? We have witnessed an avalanche of supply chain attacks, starting with the SolarWinds breach in late 2020 and accelerating to include multiple SaaS supply chain breaches in just the first few months of 2022, including the Okta (LAPSUS$) breach and multiple GitHub compromises.
Yet despite this avalanche, most IT security teams are either unaware of the potential risk, have yet to conclude that the risk is substantial enough to justify allocating scarce cybersecurity resources to mitigating it, or find a lack of available third-party solutions focused specifically on securing non-human identities. In fact, the 2022 Shadow SaaS-to-SaaS Integration Report by Valence Threat Labs surveyed numerous CISOs, who on average estimated that they have fewer than 200 such integrations between third-party SaaS applications and their core SaaS platforms, such as Microsoft 365, Salesforce, and Google Workspace.
In reality, according to cross-tenant usage data drawn from the Valence SaaS Risk Remediation Platform, the report found that the average organization had over 900 third-party integrations, four to five times the CISOs' estimate. Most were adopted without IT team oversight or security review. Further, nearly half (48%) were found to be abandoned or unused, typically the leftovers of a failed PoC, leaving a broad SaaS integration attack surface exposed and unmonitored.
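As an added illustration, not taken from the report or from the Valence platform, of how the exposure factors above could be triaged across an integration inventory: the records, scope names, approval flags and the 90-day "unused" threshold are constructed assumptions, and a real inventory would be exported from each core SaaS platform's OAuth/app audit data.

```python
from datetime import date, timedelta

# Constructed sample inventory: one record per third-party integration with a
# core SaaS platform. Scope names are illustrative, not any vendor's catalogue.
INVENTORY = [
    {"app": "crm-sync", "platform": "Google Workspace", "approved": True,
     "scopes": ["drive.readonly"], "last_used": date(2022, 5, 28)},
    {"app": "poc-chatbot", "platform": "Microsoft 365", "approved": False,
     "scopes": ["Mail.ReadWrite", "Files.ReadWrite.All"], "last_used": date(2021, 9, 15)},
    {"app": "hr-workflow", "platform": "Microsoft 365", "approved": True,
     "scopes": ["Directory.Read.All"], "last_used": date(2022, 5, 30)},
    {"app": "old-survey-tool", "platform": "Google Workspace", "approved": True,
     "scopes": ["forms.readonly"], "last_used": date(2022, 1, 10)},
]
TODAY = date(2022, 6, 1)  # assumed "now" so the example is deterministic

# Scope tokens treated as high-privilege (write, tenant-wide, admin): an assumption.
HIGH_PRIVILEGE_TOKENS = {"readwrite", "all", "admin"}
UNUSED_AFTER = timedelta(days=90)  # assumed cutoff for "abandoned"


def assess(integration, today):
    """Return the exposure findings for one integration, in a fixed order."""
    findings = []
    if not integration["approved"]:          # onboarded without security review
        findings.append("unauthorized-vendor")
    if any(token.lower() in HIGH_PRIVILEGE_TOKENS
           for scope in integration["scopes"] for token in scope.split(".")):
        findings.append("over-privileged")   # write/tenant-wide reach
    if today - integration["last_used"] > UNUSED_AFTER:
        findings.append("abandoned")         # never offboarded, still trusted
    return findings


def triage(inventory, today=TODAY):
    """Map app name -> findings, plus the share of abandoned integrations."""
    report = {item["app"]: assess(item, today) for item in inventory}
    abandoned = sum(1 for f in report.values() if "abandoned" in f)
    return report, abandoned / len(inventory)


if __name__ == "__main__":
    report, share = triage(INVENTORY)
    for app, findings in report.items():
        print(f"{app:16} {', '.join(findings) or 'no findings'}")
    print(f"abandoned share: {share:.0%}")
```

Abandoned entries with high-privilege scopes are the natural first offboarding candidates, since they carry the reach of a compromised integration with none of the business benefit.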
Request a Free Shadow SaaS Integration Risk Assessment and find out how many hidden and unmanaged third-party integrations are lurking in your organization.