The rapid acceleration of Software-as-a-Service (SaaS) adoption for assorted use cases — including productivity (a.k.a., the cloud office), collaboration and communication, as well as people management, to name a few — continues unabated. In fact, Gartner predicts that spending on SaaS will grow at nearly 17% in 2023, reaching $195 billion for the year, compared to $167 billion in 2022.
This increased adoption of SaaS applications designed to make our ways of working easier comes with a downside too: a significant increase in the attack surface area. Just this past week, the U.S. Federal Reserve suffered a so-called “porn-bombing” breach during a virtual Zoom event. This interrupted business and prevented Fed Governor Christopher Waller from delivering his remarks at the event.
SaaS Expansion and Cyber Risk Realities
SaaS is fast becoming the de facto operating system of the modern enterprise, with the average mid-sized enterprise having 185 apps deployed. This number is likely to escalate each year, accelerated by the normalization of hybrid and remote work. Business units like marketing and finance, among others, onboard SaaS apps at will, and often with limited to no security oversight.
Disconcertingly, this decentralization of IT is resulting in a significant expansion of the attack surface area. Over half of the apps in a typical enterprise environment have not been used in over six months, but they still retain access to sensitive data.
Until recently, the challenge of addressing SaaS security has been a combination of a lack of awareness of the risks that ungoverned SaaS apps pose and a corresponding misprioritization from a security program perspective. According to Harold Byun, chief product officer at AppOmni, “What many security and risk leaders don’t often realize is that sanctioned and unsanctioned SaaS apps contain a trove of sensitive data that are often exposed to the internet due to basic security misconfigurations.”
The Importance of Proactive SaaS Security Management
Security and risk leaders often struggle to maintain a proactive security posture over their SaaS estate due to a lack of visibility into their ever-expanding SaaS footprint. The challenge is compounded by the fact that ownership of these apps is decentralized. This lack of visibility and control allows basic security misconfigurations to go unnoticed and be exploited by threat actors. In worst-case scenarios, sensitive data contained in SaaS apps can be exposed for extended periods of time with no awareness of the exposure.
Just in the past few months, numerous SaaS breaches have impacted customers of GitHub, Okta, CircleCI, and LastPass, to name a few. Many of these breaches occurred via third-party compromises arising from security vulnerabilities that could have been detected and prevented if the respective SaaS app’s security posture had been proactively monitored.
Similarly, the U.S. Federal Reserve’s embarrassing “porn-bombing” incident on Zoom, which 220 virtual participants witnessed, was likely the result of improper security configuration of guest access and user permissions. This error enabled the threat actor to gain unauthorized access to the event and escalate privileges to “host,” thereby enabling the hijacking of the session and the sharing of pornography.
Byun described this incident as “a classic example of how the lack of visibility and the inability to detect configuration drift in SaaS security management can derail your ability to conduct business. Organizations have embraced SaaS to help accelerate and simplify their businesses, and now they need to put the same rigor into securing these applications and the data held inside them.”
In a different scenario, such incidents can lead to businesses suffering significant financial and reputation damage, and having sensitive client or company data compromised.
Shared Responsibility and SaaS Security Posture Management (SSPM)
As with cloud adoption, the security of SaaS tools and the data they store and touch hinges on a shared responsibility model. Establishing visibility and control over the SaaS estate is the essential first step.
Fortunately, a new breed of SaaS-focused security tools like AppOmni offers proactive SaaS threat detection and activity monitoring, designed to help prevent security incidents such as the Fed’s Zoom incident. AppOmni not only offers extensive coverage of SaaS applications, including the likes of Zoom, but also provides unparalleled depth of coverage. Our SaaS security solution also detects and alerts security teams on any policy drift. For example, an alert triggered by a security access misconfiguration can proactively prevent security risks from becoming security events.
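To make the two ideas above concrete (the guest-access and host-permission misconfiguration behind the Zoom incident, and the policy-drift alerting described here), the following is an added example of a baseline-versus-snapshot drift check. It is illustrative code written for this page, not AppOmni’s product code and not Zoom’s API: the setting names, values, severities, and the sample snapshots and timestamps are all constructed assumptions.

```python
"""Added example: detect configuration drift in meeting-access settings.

Setting names, values and snapshots are illustrative assumptions, not any
vendor's real API schema or data.
"""
from dataclasses import dataclass
from typing import Any, Dict, List, Optional

# Hardened baseline the security team has signed off on (constructed values).
BASELINE: Dict[str, Any] = {
    "waiting_room": True,           # joiners are held until the host admits them
    "passcode_required": True,      # no open-link joins
    "join_before_host": False,      # nobody is in the room before the host
    "screen_sharing": "host_only",  # participants cannot take over the screen
    "guest_join": "disabled",       # external accounts cannot join
}

# How loudly to alert when a given setting departs from the baseline (assumed).
SEVERITY: Dict[str, str] = {
    "screen_sharing": "high",
    "guest_join": "high",
    "waiting_room": "medium",
    "passcode_required": "medium",
    "join_before_host": "low",
}
RANK = {"low": 0, "medium": 1, "high": 2}


@dataclass(frozen=True)
class DriftFinding:
    setting: str
    expected: Any
    actual: Any
    severity: str


def detect_drift(snapshot: Dict[str, Any],
                 baseline: Dict[str, Any] = BASELINE) -> List[DriftFinding]:
    """Return one finding per baseline setting whose live value differs.

    A setting missing from the snapshot is reported too: not knowing the
    access configuration is itself a visibility gap. Findings are ordered
    highest severity first so the alert queue is already prioritised.
    """
    findings = []
    for setting, expected in baseline.items():
        actual = snapshot.get(setting, "<missing>")
        if actual != expected:
            findings.append(DriftFinding(setting, expected, actual,
                                         SEVERITY.get(setting, "medium")))
    return sorted(findings, key=lambda f: RANK[f.severity], reverse=True)


def highest_severity(findings: List[DriftFinding]) -> Optional[str]:
    """Overall alert level for a set of findings, or None if nothing drifted."""
    return max((f.severity for f in findings), key=RANK.__getitem__, default=None)


def first_drift(history: List[Dict[str, Any]]) -> Optional[str]:
    """Given time-ordered snapshots ({"taken_at": ..., "settings": {...}}),
    return the timestamp of the first snapshot that departed from baseline.
    This bounds how long an exposure went unnoticed."""
    for entry in history:
        if detect_drift(entry["settings"]):
            return entry["taken_at"]
    return None


# Constructed snapshots: one compliant, one where an organiser opened the
# event to guests and let every participant share their screen.
COMPLIANT: Dict[str, Any] = dict(BASELINE)
DRIFTED: Dict[str, Any] = {**BASELINE, "waiting_room": False,
                           "screen_sharing": "all_participants",
                           "guest_join": "enabled"}

# Constructed daily snapshot history (timestamps are placeholders).
HISTORY = [
    {"taken_at": "2023-01-01T09:00:00Z", "settings": COMPLIANT},
    {"taken_at": "2023-01-02T09:00:00Z", "settings": COMPLIANT},
    {"taken_at": "2023-01-03T09:00:00Z", "settings": DRIFTED},
]


if __name__ == "__main__":
    for finding in detect_drift(DRIFTED):
        print(f"[{finding.severity.upper()}] {finding.setting}: "
              f"expected {finding.expected!r}, found {finding.actual!r}")
    print("overall:", highest_severity(detect_drift(DRIFTED)))
    print("drift first seen:", first_drift(HISTORY))
```

Run against the drifted snapshot, the check raises three findings (two high, one medium) and dates the drift to the third snapshot; a real deployment would feed snapshots pulled from the application’s admin API on a schedule and route the highest-severity finding to the on-call queue.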
Learn more about how you can use AppOmni to monitor your SaaS activities for potential malicious threats and take immediate action with guided remediation steps.