Dubai Tech News

The Next Trends In SaaS Security

Maor Bin, Forbes Councils Member, Forbes Technology Council
Council Post: Expertise from Forbes Councils members, operated under license. Opinions expressed are those of the author.
Aug 10, 2022, 06:00am EDT

Maor Bin is the CEO and cofounder of Adaptive Shield.

According to Okta’s Business of Work report, large companies use 187 different SaaS apps on average, and this number is only growing—Gartner reports that end-user spending on SaaS will reach more than $171 billion in 2022. As this investment trend continues, new critical SaaS challenges emerge beyond the classic use case of misconfiguration and user permissions management, such as third-party app access and device-to-SaaS-user posture management. In this article, I will give a brief overview of the trends in SaaS security.

An Unrelenting Volume Of Misconfigurations

Core SaaS offerings such as Office 365, Slack, Zoom and Salesforce, as well as the myriad of other SaaS apps that companies have deployed, are vital to a business’s day-to-day operations. While these benefits are widely recognized, many companies are just now beginning to learn about the risk they introduce to the company. Case in point, while app providers build in native security settings and configurations designed to protect businesses, the solutions can only be as secure as their weakest security control.

This means that it is up to the organization to correctly configure all settings, continuously. While that may seem straightforward, many don’t consider how apps are like snowflakes when it comes to their build and security configurations—each has unique terminology, UI, etc. It is the security team’s job to learn every app’s “language.” While that might not seem insurmountable, consider that many enterprises today have thousands of employees relying on hundreds of apps. This creates a chaotic SaaS environment where manual audits become impossible and unsustainable.

Third-Party App Access Discovery And Control

Another growing SaaS challenge stems from third-party apps connected to the company’s core SaaS applications, also known as SaaS-to-SaaS supply chain.

Today, employees are frequently prompted to give permission for one SaaS app to connect with another, and, for the most part, they oblige. That’s where the problem begins. Today most users view this scenario from a productivity perspective—if they connect their SaaS apps, it will allow them to work more efficiently and ultimately help the business achieve its goals.

Every day, people give apps permission to connect with their Google Workspace or M365 environment (for example). By just clicking “accept,” they give these apps permission to provide a new avenue for threat actors to gain access to valuable company data. Now imagine this practice is happening throughout a business’s workforce unbeknownst to the security team.

The security team needs to see:

1. The SaaS apps that are being granted access to business-critical apps.
2. Which of these apps pose the most risk by the level of scopes (permissions) being given.
3. Which users, most especially the privileged users, granted them.
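The three views listed above can be produced from a flat inventory of OAuth grants. The following is an added example, not part of the original article; the grant records, user names, scope weights and privileged-user multiplier are all constructed assumptions, not values from any vendor.

```python
# Added example: rank third-party OAuth grants by scope risk and grantor privilege.
# Records, weights and names are constructed for illustration (assumptions).
from collections import defaultdict

SCOPE_RISK = {  # assumed weights, 1 (low) to 10 (high); tune per organization
    "https://mail.google.com/": 10,
    "https://www.googleapis.com/auth/drive": 9,
    "https://www.googleapis.com/auth/gmail.readonly": 7,
    "https://www.googleapis.com/auth/calendar.readonly": 2,
    "openid": 1,
}
UNKNOWN_SCOPE_RISK = 5      # unrecognized scopes are not assumed harmless
PRIVILEGED_MULTIPLIER = 2   # grants made by privileged users weigh double

PRIVILEGED_USERS = {"alice@example.com"}  # constructed
GRANTS = [  # constructed sample: (third-party app, granting user, scopes)
    ("mail-merge-helper", "alice@example.com", ["https://mail.google.com/", "openid"]),
    ("mail-merge-helper", "bob@example.com", ["https://www.googleapis.com/auth/gmail.readonly"]),
    ("calendar-widget", "bob@example.com", ["https://www.googleapis.com/auth/calendar.readonly"]),
    ("pdf-converter", "carol@example.com", ["https://www.googleapis.com/auth/drive"]),
    ("notes-sync", "alice@example.com", ["https://example.invalid/custom.scope"]),
]

def triage(grants, privileged):
    """Return one record per app, highest risk first."""
    apps = defaultdict(lambda: {"scopes": set(), "users": set()})
    for app, user, scopes in grants:
        apps[app]["scopes"].update(scopes)
        apps[app]["users"].add(user)
    report = []
    for app, seen in apps.items():
        # Score by the single most powerful scope any user granted the app.
        score = max((SCOPE_RISK.get(s, UNKNOWN_SCOPE_RISK) for s in seen["scopes"]), default=0)
        admins = sorted(seen["users"] & privileged)
        if admins:
            score *= PRIVILEGED_MULTIPLIER
        report.append({"app": app, "score": score, "scopes": sorted(seen["scopes"]),
                       "users": sorted(seen["users"]), "privileged_users": admins})
    return sorted(report, key=lambda r: (-r["score"], r["app"]))

if __name__ == "__main__":
    for row in triage(GRANTS, PRIVILEGED_USERS):
        print(f'{row["score"]:>3}  {row["app"]:<18} granted by {", ".join(row["users"])}'
              f'{"  [privileged]" if row["privileged_users"] else ""}')
```

Scoring on the single highest-risk scope keeps an app with one broad permission from being buried under apps with many narrow ones.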

The security team needs to be equipped to decide whether to revoke these apps’ access to the core SaaS apps, protecting the business yet still ensuring that the employee maintains the functionality required to do their job.

Device-To-SaaS Posture Management: The SaaS Security Zero-Trust Approach

In today’s hybrid working world, security teams must contend with threats of users accessing their SaaS applications from unsecured devices. While accessing a SaaS app via a mobile device helps boost productivity, it adds another challenge to the security team.

It can pose a high level of risk for an organization, especially when the device owner is a highly privileged user. To remediate potential threats, security teams need to be able to correlate SaaS app users, roles and permissions with their associated devices’ hygiene. This end-to-end tactic enables a holistic zero-trust approach to SaaS security that is only now coming into the picture.

The Whole SaaS Security Picture

The bottom line is that checking for misconfigurations and misappropriated user roles and permissions within business-critical SaaS apps is the classic SaaS Security Posture Management (SSPM). However, if the organization adopts a zero-trust approach, it is worth considering third-party app access and device-to-SaaS-user monitoring and management an integral part of SSPM.


From: forbes
URL: https://www.forbes.com/sites/forbestechcouncil/2022/08/10/the-next-trends-in-saas-security/
