SaaS is the most widely utilized technology, hosting critical data from hundreds of SaaS applications for the average organization. But enterprises face challenges with a lack of business context that could help them discern between potentially harmful activities and subtle indications within their SaaS applications.
In this video, Reco.ai Chief Product Officer, Gal Nakash and Head of Product Marketing, Andrea Bailiff-Gush discuss SaaS applications as the modern attack surface and share recommendations for how to fortify your security posture.
Key points to watch:
- 02:24 — The SaaS provider is responsible for securing SaaS data, but the user also has a level of responsibility. Many organizations consider this shared responsibility model for SaaS confusing, meaning organizations are not fully securing the SaaS assets they’re responsible for, putting their data at risk.
- 05:17 — Like any other tool, SaaS applications like Salesforce have blind spots that can pose a risk of data leaking. Common risks associated with Salesforce include authorization vulnerabilities, insider threats, increased data exposure, and more.
- 07:03 — The way SaaS applications are utilized and secured within organizations can lead to a lack of control and visibility. Utilization among both internal and external users, limited access and distributed responsibilities can leave SaaS applications at risk of data exposure.
- 08:50 — SaaS apps provide limited visibility into actual permissions. One of the most common ways for a data leak to happen is through overly permissioned users. This often occurs when admins and developers are unaware of which permissions do what, and why a user might need access in the first place.
- 12:55 — To secure your SaaS application from this common misconfiguration, consider who has access and the purpose, what data is accessible, and the 3rd party applications connected to your SaaS application (and how the connection was established).