Demo Request
Take a personalized product tour with a member of our team to see how we can help make your existing security teams and tools more effective within minutes.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Home
Blog
Video: Salesforce Risks and How to Secure the Wild West of the Modern Enterprise

Video: Salesforce Risks and How to Secure the Wild West of the Modern Enterprise

Andrea Bailiff-Gush
Updated
August 23, 2023
November 29, 2024
10 min read

SaaS is the most widely utilized technology, hosting critical data from hundreds of SaaS applications for the average organization. But enterprises face challenges with a lack of business context that could help them discern between potentially harmful activities and subtle indications within their SaaS applications.

Watch the Video

In this video, Reco Chief Product Officer, Gal Nakash and Head of Product Marketing, Andrea Bailiff-Gush discuss SaaS applications as the modern attack surface and share recommendations for how to fortify your security posture.

Key Points to Watch

  • 02:24 — The SaaS provider is responsible for securing SaaS data, but the user also has a level of responsibility. Many organizations consider this shared responsibility model for SaaS confusing, meaning organizations are not fully securing the SaaS assets they’re responsible for, putting their data at risk.
  • 05:17 — Like any other tool, SaaS applications like Salesforce have blind spots that can pose a risk of data leaking. Common risks associated with Salesforce include authorization vulnerabilities, insider threats, increased data exposure, and more.  
  • 07:03 — The way SaaS applications are utilized and secured within organizations can lead to a lack of control and visibility. Utilization among both internal and external users, limited access and distributed responsibilities can leave SaaS applications at risk of data exposure.
  • 08:50 — SaaS apps provide limited visibility into actual permissions. One of the most common ways for a data leak to happen is through overly permissioned users. This often occurs when admins and developers are unaware of which permissions do what, and why a user might need access in the first place.
  • 12:55 — To secure your SaaS application from this common misconfiguration, consider who has access and the purpose, what data is accessible, and the 3rd party applications connected to your SaaS application (and how the connection was established).

Learn how Reco provides visibility into every interaction between users and their data.

Andrea Bailiff-Gush

ABOUT THE AUTHOR

Andrea is the Head of Marketing of Reco, responsible for driving demand and growth in SaaS security. Andrea is a cyber security veteran, having supported various security companies across various growth milestones, from Seed round to acquisition. She is passionate about growing businesses and teams to drive profitable outcomes and better well being for CISOs and security practitioners.

Technical Review by:
Gal Nakash
Technical Review by:
Andrea Bailiff-Gush

Andrea is the Head of Marketing of Reco, responsible for driving demand and growth in SaaS security. Andrea is a cyber security veteran, having supported various security companies across various growth milestones, from Seed round to acquisition. She is passionate about growing businesses and teams to drive profitable outcomes and better well being for CISOs and security practitioners.

Request a Demo
Table of Contents
Overview
Get the Latest SaaS Security Insights
Subscribe to receive updates on the latest cyber security attacks and trends in SaaS Security.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Explore Related Posts

5 minutes
SaaS Security
The Problems with Homegrown Threat Detection and Response for SaaS
Kate Turchin
May 7, 2025
Threat detection and response for SaaS apps is critical. But should you build it or buy it? Read this blog to learn why building a homegrown solution with your SIEM may be prohibitively complex, costly, and fall short of providing adequate protection.
6 minutes
SaaS Security
Heeding Pat Opet's Wakeup Call – The Need for Dynamic SaaS Security
Richard Conley
May 5, 2025
JPMorgan’s CISO Pat Opet issued a blunt warning that SaaS sprawl is “quietly enabling cyber attackers” and creating systemic vulnerabilities. He calls for new cybersecurity solutions and standards. Read this blog to understand why Dynamic SaaS Security is the answer.
4 minutes
Cyber Attack
My SaaS Security Breach: Why Security Should Care About Every App
Kate Turchin
April 25, 2025
An overpermissioned contractor with malicious intent led to a devastating SaaS security breach. Learn about Kate, Reco's Director of Demand Generation, and her true story of being part of a SaaS security attack.
See more featured resources

Ready for SaaS Security
that can keep up?

Request a demo
Reco is the leader in Dynamic SaaS Security — the only approach that eliminates the growing gap between what you can protect and what’s outpacing your security. Reco keeps pace with SaaS sprawl, no matter how fast it evolves, by covering the entire SaaS lifecycle — cradle to grave.
Request a demo
Memberships
Industry Recognition
Solutions By Use Case
Posture ManagementApp Discovery & GovernanceIdentity & Access GovernanceThreat Detection & ResponseData Exposure ManagementShadow App DiscoveryGenerative AI DiscoveryAgentic AI SecurityReco AI Agents
Integrations By App
All Supported ApplicationsSalesforceMicrosoft 365Google WorkspaceServiceNowWorkday
ServiceNow
soon
SlackOktaVeeva
Resources
BlogLearnIT HubCustomer StoriesWebinarsSSPM ReportCISO GuideFinancial GuideHealthcare GuideSalesforce GuideMicrosoft GuideAI Security GuideShadow AI GuideState of SaaS Security Report
Company
About Reco
Careers
Hiring
NewsroomPartnersTrust CenterContact Us
Top Content
SaaS SecurityWhat is SSPM
Memberships
Industry Recognition
AICPA for RecoReco - ISO 27001
TermsPrivacy
© 2025 Reco. All Rights Reserved.