Dec 12, 2022 | The Hacker News | SaaS Security / SSPM Solution

With 2022 coming to a close, there is no better time to buckle
down and prepare to face the security challenges in the year to
come. This past year has seen its fair share of breaches[1], attacks, and leaks,
forcing organizations to scramble to protect their SaaS stacks.
March alone saw three different breaches from Microsoft, Hubspot,
and Okta.

With SaaS sprawl ever growing and becoming more complex,
organizations can look to four areas within their SaaS environment
to harden and secure.

Learn how you can automate your SaaS stack security [2]

Misconfigurations Abound

Enterprises can have over 40 million knobs, check boxes, and toggles
in their employees’ SaaS apps. The security team is responsible for
securing each of these settings, user roles and permissions so that
they comply with industry and company policy.

Beyond the obvious risk of drifting from security policy,
misconfigurations are overwhelmingly challenging to secure manually.
These configurations can change with each update, and their
complexity is compounded by the many industry compliance standards.
Adding to that challenge, SaaS app owners tend to sit in business
departments outside the security team’s scope and are neither
trained in nor focused on the app’s security.

Security teams should onboard a SaaS Security Posture Management
(SSPM) solution, like Adaptive Shield, that provides full
visibility and control across a critical mass of SaaS apps in the
SaaS stack. The solution must identify both global app settings and
platform-specific configurations within each app. Security teams
should be able to use the solution to gain context on security
alerts and answer questions like: Which users are subject to a
certain misconfiguration? Are they admins? Is their MFA enabled?
With these answers at their fingertips, security teams can enforce
company and industry policies to remediate the risk posed by any
misconfiguration.

SaaS-to-SaaS Access

Another growing security challenge derives from the increasing
volume of apps connected to the company’s SaaS environment. On
average, thousands of apps are connected without the approval or
knowledge of the security team. Employees connect these apps, often
to boost productivity, enable remote work, and better build and
scale the company’s work processes.

However, when connecting apps to their workspaces, employees are
prompted to grant the app permissions to access their data. These
permissions can include the ability to read, create, update, and
delete corporate or personal data, and the app itself could be
malicious. By clicking “accept,” users may grant permissions that
enable threat actors to gain access to valuable company data. Users
are often unaware of the significance of the permissions they have
granted to these third-party apps.

These apps fall into the Shadow IT domain, so security teams must be
able to discover third-party apps and identify which ones pose a
risk. By examining the access scopes requested by these apps and
the users who authorized them, and cross-referencing the two, the
security team should be able to measure the level of access to
sensitive data across the organization’s stack. An SSPM solution
like Adaptive Shield can arm the security team with this type of
discovery and control, in addition to providing advanced reporting
capabilities for effective and accurate risk assessments that drive
actionable measures.
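As an added example (not Adaptive Shield’s or the article’s code), the following Python cross-references a constructed user inventory with constructed third-party app grants to answer the questions raised in the misconfiguration and SaaS-to-SaaS sections above: which privileged users lack MFA, and which connected apps hold write or delete scopes, weighted by who authorized them. The scope names, weights and review threshold are assumptions, not any vendor’s scoring model.

```python
# Added example: a minimal SaaS posture check over constructed inventories.
# It is not Adaptive Shield's code. All records are constructed sample data.

# Constructed user inventory: role and MFA state per account.
USERS = {
    "alice@example.com": {"admin": True, "mfa": True},
    "bob@example.com": {"admin": True, "mfa": False},
    "carol@example.com": {"admin": False, "mfa": False},
    "dave@example.com": {"admin": False, "mfa": True},
}

# Constructed SaaS-to-SaaS grants: which user authorized which app, with what scopes.
GRANTS = [
    {"app": "calendar-sync", "user": "dave@example.com", "scopes": ["calendar.read"]},
    {"app": "bulk-exporter", "user": "bob@example.com", "scopes": ["files.read", "files.delete"]},
    {"app": "crm-helper", "user": "carol@example.com", "scopes": ["contacts.read", "contacts.update"]},
]

# Assumed weights: create/update/delete scopes carry more blast radius than read.
SCOPE_WEIGHT = {"read": 1, "create": 2, "update": 2, "delete": 3}


def scope_weight(scope: str) -> int:
    """Weight a dotted scope such as 'files.delete' by its final verb (unknown verb -> 2)."""
    return SCOPE_WEIGHT.get(scope.rsplit(".", 1)[-1], 2)


def admins_without_mfa(users: dict) -> list:
    """Misconfiguration check: privileged accounts whose MFA is disabled."""
    return sorted(u for u, acct in users.items() if acct["admin"] and not acct["mfa"])


def grant_risk(grant: dict, users: dict) -> int:
    """Score a third-party grant: strongest scope, doubled when an admin authorized it,
    plus one when that account lacks MFA (the grant inherits the account's weakness)."""
    acct = users.get(grant["user"], {"admin": False, "mfa": False})
    score = max(scope_weight(s) for s in grant["scopes"])
    if acct["admin"]:
        score *= 2
    if not acct["mfa"]:
        score += 1
    return score


def risky_grants(grants: list, users: dict, threshold: int = 3) -> list:
    """Grants at or above the assumed threshold, highest risk first, for the review queue."""
    scored = [(grant_risk(g, users), g["app"], g["user"]) for g in grants]
    return sorted((t for t in scored if t[0] >= threshold), reverse=True)


if __name__ == "__main__":
    print("Admins without MFA:", admins_without_mfa(USERS))
    print("Grants needing review:", risky_grants(GRANTS, USERS))
```

In a real deployment the two dictionaries would be replaced by exports from the identity provider and the SaaS platform’s OAuth grant list; the cross-referencing logic stays the same.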

Get a demo of how an SSPM solution can help mitigate 3rd-party app access. [3]

Device-to-SaaS User Risk

Security teams must deal with threats from users accessing their
SaaS applications from personal, unsecured devices. Accessing a
SaaS app via an unmanaged device poses a high level of risk for an
organization, especially when the device owner is a highly
privileged user. Personal devices are susceptible to data theft and
can inadvertently introduce malware into the organization’s
environment. Lost or stolen devices can also provide a gateway for
criminals to access the network.

Security teams need a solution that enables them to manage SaaS
risks originating from compromised devices. An SSPM solution like
Adaptive Shield can identify privileged users such as admins and
executives, calculate user-risk levels, and recognize which
endpoint devices need additional hardening.

Figure 1. Adaptive Shield’s Device Inventory

Identity and Access Governance

Every SaaS app user is a potential gateway for a threat actor, as
seen in the recent Uber MFA Fatigue attack. Processes to ensure
proper user access control and authentication settings are
imperative, along with validation of role-based access management
(as opposed to individual-based access) and an established
understanding of access governance. Identity and access governance
helps ensure that security teams have full visibility and control of
what is happening across all domains.

Security teams need to monitor all identities to ensure that
user activity meets their organization’s security guidelines. IAM
Governance enables the security team to act upon arising issues by
providing constant monitoring of the company’s SaaS Security
posture as well as its implementation of access control.

Final Thoughts

Gartner listed SaaS Security Posture Management (SSPM) in its “4
Must-Have Technologies That Made the Gartner Hype Cycle for Cloud
Security, 2021” [4] as the category for solutions that continuously
assess security risk and manage the SaaS applications’ security
posture. With an SSPM platform[5], like Adaptive Shield,
organizations can harden their SaaS security to identify and
remediate issues faster and prevent future attacks. Security teams
can introduce best practices for SaaS security that extend beyond
Misconfiguration Management to cover SaaS-to-SaaS Access,
Device-to-SaaS User Risk levels, and Identity & Access Management
Governance.
