Understand your data exposure risk — and your SaaS security posture.
By Cory Michal, VP Security @ AppOmni
Brian Krebs, in his Krebs on Security blog, recently noted a significant Salesforce data leak impacting numerous organizations across the public sector, along with healthcare and financial services companies. The security risks highlighted by Krebs are not unique to Salesforce. In fact, these configuration-based security risks affect many SaaS products on the market today.
AppOmni is the leader in identifying and remediating these SaaS risks. As Krebs noted in his blog, the research conducted by AppOmni researcher Aaron Costello in 2021 identified misconfigurations in Salesforce Community sites that could be exploited to reveal sensitive data.
As SaaS products have grown more and more complex over time, ensuring that the correct security and access configuration is in place has become increasingly challenging for overburdened SaaS product administrators and security teams. Furthermore, SaaS providers routinely introduce new features into their products and enable them by default, exposing existing customers to new risks that may negatively impact their organization’s security posture.
Leverage AppOmni’s Salesforce Community Cloud Scanner Now
If you are responsible for the security of your organization’s Salesforce SaaS deployment, AppOmni recommends you take a few minutes to utilize the free AppOmni’s Salesforce Community Cloud Scanner. This scanner will determine if you are impacted by the data exposure risks highlighted by the Krebs on Security blog and AppOmni researchers. It will also provide you with remediation steps.
Understand Your SaaS Security Posture
Gaining a comprehensive understanding of your organization’s SaaS attack surface and security posture can be very challenging for security teams. AppOmni recommends following the steps laid out below to gain visibility into your organizational SaaS deployments, improve their security postures, and maintain continuous security and threat monitoring across them.
- Understand the SaaS products in use by your organization by talking to procurement and finance teams about which SaaS vendors are contracted.
- Utilize endpoint and network security monitoring solutions to examine traffic patterns and system configurations to determine which SaaS products are in use at your organization.
- Create a SaaS vendor security assessment process whereby all SaaS vendors undergo a risk assessment in order to ensure new and existing SaaS providers align with organizational risk appetite.
- Implement continuous monitoring of SaaS products in use via a SaaS Security Posture Management Platform. Ensure that the solution provider leverages industry-leading SaaS threat detection engineers actively detecting SaaS security risks in the SaaS platforms you use most.
- Integrate logs and alerts from your SaaS Security Posture Management Platform into your security monitoring system as well as your detection and incident response processes.
AppOmni is here to help. Schedule a demo today.
Related Resources
-
Build and Scale a Salesforce SaaS Security Program
Salesforce administrators and security professionals keen on strengthening their SFDC security can learn from our esteemed speaker panel.
-
SaaS Risks in Healthcare: Anatomy of a Data Exposure at the HSE
SaaS Security Engineer Aaron Costello explains how to handle sensitive data in SaaS apps, as learned from misconfiguration in Ireland’s vaccination portal (HSE).
-
SaaS Security Series: Understanding Salesforce Administrative Permissions
Explore the fundamental elements of leading SaaS applications pivotal for system security, with a detailed focus on the Salesforce permissions framework.