October 16, 2023 at 08:25AM
The text discusses the importance of SaaS security and highlights key findings from the SaaS Security Survey Report. It emphasizes the need for automated configuration and monitoring tools, as well as the critical role of identity and access governance. The risks associated with third-party connected apps are also examined. The text concludes by promoting the “SaaS Security on Tap” video series as an entertaining resource for understanding SaaS security challenges and solutions.
From the meeting notes, it seems that SaaS Security’s focus is on addressing the challenges and risks associated with securing data in SaaS applications. The notes highlight the importance of configuration management in preventing security breaches, with 35% of breaches originating from misconfigured security settings.
The Annual SaaS Security Survey Report for 2024 reveals that incidents related to SaaS security are on the rise, with 55% of organizations experiencing security incidents in the past two years. These incidents include data leaks, breaches, ransomware attacks, and malicious applications.
However, there is some positive news as well. The report indicates that companies are recognizing the limitations of manual audits and CASB deployments and are shifting towards using SaaS Security Posture Management (SSPM) tools for automated configuration and security monitoring. In fact, 80% of companies are planning to implement SSPM tools like Adaptive Shield by September 2024, which is expected to significantly enhance the security of SaaS applications.
Identity and access governance is another crucial aspect of SaaS security. The notes suggest that organizations adopting SSPM tools are gaining better visibility into SaaS app users and realizing the importance of identity and access governance in securing SaaS apps. The responsibility for identity and access governance lies with the security and central IT team, who manage the company’s Identity Provider (IdP) and need visibility into user access, privileges, and device usage.
The meeting notes also highlight the risks associated with third-party connected apps or SaaS-to-SaaS access. While these integrations can improve workflows, they also pose a significant security risk. Many of these third-party apps ask for intrusive permission scopes and may have read/write access, email-sending capabilities, or the ability to delete data. Organizations often have numerous apps connected to their SaaS environment, many of which request medium- or high-risk permission scopes.
“SaaS Security on Tap” is a video series hosted by Eliana V that aims to educate organizations about the challenges and solutions related to SaaS security. The series uses entertaining analogies and examples to emphasize the importance of avoiding misconfigurations and implementing strong security settings.
Overall, the meeting notes indicate the growing importance of SaaS security measures, including configuration management, automated monitoring, identity and access governance, and mitigating the risks of third-party integrations.