SaaS applications have become deeply embedded in every business function, enhancing productivity and efficiency within forward-thinking organizations. In addition, the ease with which they can be activated empowers business users to adopt and interconnect them directly at the speed of business, often without IT security oversight or security controls.
As a result of this indiscriminate adoption, management and use, however, SaaS applications have also opened a new attack surface: a mesh of interconnected applications, users and data. Plagued by insecure, inactive and over-privileged integrations and applications, security misconfigurations, external data sharing, ungoverned identities, and over-privileged users, this SaaS mesh can leave organizations more vulnerable to data loss and account compromise. The recent Okta/Lapsus$, GitHub, and Mailchimp breaches highlight this growing risk and the fact that SaaS attacks are becoming a common threat vector.
After Cloud Access Security Brokers (CASBs), the first generation of SaaS security solutions, SaaS Security Posture Management (SSPM) solutions have recently emerged to address modern SaaS security challenges, but they solve only part of the problem. SSPMs make it easier for organizations to ensure proper SaaS application configurations from the start and to detect policy drift over the life of the application. In addition, they enable IT security teams to detect over-privileged user access, ensuring users have only the minimum privileges needed to access the data required for their job.
However, SaaS security risks go beyond the administrative configurations that current SSPMs focus on. SaaS applications empower business users to make daily decisions that can expose business-critical data to attack. Existing solutions fall short in remediating such risks because they lack the business context required to keep up with the pace of changes made by distributed organizations and business users without disrupting the business.
IT and security teams often resort to applying strict security controls, such as blocking collaborative features in SaaS applications, which can significantly reduce the value of innovative SaaS applications and ultimately impede the business. Worse, when security teams restrict the use of popular SaaS applications like Slack, Microsoft 365 and Google Workspace, business users often find workarounds that accomplish their business goals through unsanctioned apps and methods. Instead, engaging with the business users who adopt, use and manage each application in the first place can be critical for security teams in determining which applications, integrations and configurations are business critical. Working with business users is also necessary for IT teams to maintain a reputation as collaborative business and security enablers, not the department of “no”. Unfortunately, existing SSPMs lack collaborative remediation workflows that incorporate this user engagement capability.
In addition, the scale of remediation across hundreds of applications is daunting, since every application has its own terminology, usage models, logic and privilege sets. By engaging with end users, IT departments can leverage the knowledge and efforts of business users to remediate SaaS risks themselves, while educating them on proper SaaS application security hygiene.
Understanding business context, maintaining visibility, and being able to remediate security risks across the SaaS mesh are key to comprehensive SaaS security. It is time for a new generation of SaaS security solutions to emerge, such as Valence’s Collaborative Security Remediation Platform for SaaS, which has built its solution around these necessary capabilities.