How to improve your SaaS security posture and reduce risk
In this Help Net Security interview, Maor Bin, CEO at Adaptive Shield, talks about the SaaS security space and how Adaptive Shield help security teams gain control over their SaaS security landscape.
How has the SaaS security space evolved in the past decade? What are the main challenges in the SaaS security space?
While in recent years, enterprise reliance on SaaS services has grown dramatically, it is expected to soar to new heights in the coming years. Over this time, businesses turned to apps such as Microsoft 365, Salesforce, Slack, SuccessFactors and Zoom to run their business.
All you need to do in order to adopt a new SaaS app is just 10 minutes and a credit card.
The challenge begins with SaaS environments, which are dynamic and continually updating. Think about it, you have so many apps, each app has dozens or hundreds of security settings, not to mention the user volume.
Case in point, as employees are added or removed and new apps onboarded, permissions and configurations must be reset, changed, and updated. In addition, there are continuous, compliance updates and security configurations that must be addressed to ensure they meet industry standards and best practices (NIST, MITRE, etc.).
While SaaS providers build in security features, it is ultimately up to the company’s security team to review and learn each application’s specific set of rules and configurations, which takes time since they are not day-to-day app users and lack familiarity with the settings. In fact, oftentimes the security team has no visibility at all to what is going on in the SaaS stack, as the SaaS admins sit outside the security team, in the department that predominantly uses that SaaS.
How does Adaptive Shield help security teams gain control over their SaaS security landscape?
Adaptive Shield’s SaaS Security Posture Management (SSPM) provides proactive, continuous and automated monitoring of any SaaS application, alongside a built-in knowledge base of compliance standards and benchmarks to ensure the highest level of SaaS security available today.
As a SaaS offering that integrates with SaaS, the solution can be live in minutes. Once in place, it provides customers with clear visibility into their whole SaaS ecosystem where it can detect any misconfiguration, incorrect permissions, and all possible exposure, wherever they may be. Through its automated remediation capabilities, the solution sends detailed alerts at the first sign of a security misconfiguration. This allows the security team to quickly open a ticket to fix the issue with no go-between and no lengthy additional steps.
Adaptive Shield enables companies to gain visibility into their SaaS stack, improve their SaaS security posture and reduce risk on the day of the integration.
What do you see your clients most worried about?
Let me answer this question with an anecdote:
Two months ago, a prospect told us that they had just completed an assessment for their O365 and Salesforce environments. Once we integrated the platform with their apps, they were surprised with the results as they actually found out that some issues that were considered “fixed” were actually not.
It’s a common occurrence – that “wow” moment when the client sees their SaaS security posture for the first time on Adaptive Shield. They are able right away to glean the potential places for breach or leak and are excited for the map of how to fix it.
So, what are they worried about / what keeps them up at night? Not knowing how the next attack can come through. With a proper SSPM solution in place, they can work to make sure it’s not through their SaaS app ecosystem.
Can you offer some real-world examples of challenges that your clients were facing, and how you assisted them?
Something we keep seeing with clients is the dichotomy of their SSO implementation. We all know how important MFA is to thwarting cyber attacks through user passwords. And we see security teams implementing SSO in order to get 100% coverage of multi-factor authentication.
The thing is that most SSO providers allow their super admins to bypass the service for maintenance reasons.
So in fact, they create a situation where the strongest users are exposed to account takeover attacks.
Our SSPM solution will monitor and ensure that the security team is alerted to the misconfigurations or misappropriated user privileges, avoiding situations like these.
This is just one example out of many issues in other SaaS security domains.
What are your plans for the future?
Adaptive Shield recently secured $30 million in Series A funding led by Insight Partners, with participation from Okta Ventures and existing investor Vertex Ventures Israel.
These investments will further accelerate the company’s growth through product innovation and global expansion, including the building out of research and development for new features and expansion in the SaaS Security domain and will also support more and more tech alliances with other major security players.