SaaS Security Enters the Spotlight
Over the past two years, attackers have changed both their targets and strategies as they search for the most lucrative backdoors into organizations and their critical assets. As companies migrate from network-based infrastructure to the cloud, these assets are now shared and stored outside the well-secured organizational perimeter in multiple SaaS applications that are much more haphazardly secured. This shift has benefitted business collaboration and productivity, but it has also presented a new set of security risks that grow with every new SaaS application, SaaS-to-SaaS integration, external data share, unmanaged identity and SaaS misconfiguration.
Recent SaaS breaches involving Okta, GitHub, Microsoft 355 and Google Workspace among others have grown ever more complex, involving SaaS supply chain attacks and the exploitation of SaaS misconfigurations, ungoverned data sharing privileges and over privileged identities - all leading to account takeovers and data loss that can span multiple companies, data repositories and SaaS services.
Security practitioners and vendors must now evolve along with the SaaS environment, hackers and threats, leaving behind legacy SaaS security solutions that provide only partial visibility that lacks business context for SaaS adoption and usage. They must embrace the SaaS sprawl while also keeping up with attackers as they become more sophisticated and more determined.
As the CEO and Co-founder of Valence Security, a cybersecurity company striving to help security and business leaders improve their SaaS security posture, I believe that 2023 will be the year that SaaS security truly enters the spotlight.