SaaS Security Threats 2022
With 2021 drawing to a close and many closing their plans and budgets for 2022, the time has come to do a brief wrap-up of the SaaS Security challenges on the horizon.
Here are the top 3 SaaS security posture challenges as we see them.
The Mess of Misconfiguration Management
The good news is that more businesses than ever are using SaaS apps such as GitHub, Microsoft 365, Salesforce, Slack, SuccessFactors, Zoom, and many others, to enable employees to maintain productivity under the most challenging of circumstances. As for the bad news, many companies are having a hard time adequately addressing the ever-changing security risks of each app.
This challenge begins with a simple miscalculation—businesses are tasking security teams to ensure that the security configurations for each app are set correctly.
While that may seem like the logical choice, these apps are like snowflakes, no two are the same, including their specific settings and configurations. This is exacerbated by SaaS environments that contain hundreds of apps. Add it all up and what’s left is an unrealistic burden being placed squarely on the shoulders of security teams.
Without a SaaS Security Posture Management (SSPM) solution, these teams do not have the superhuman computing power needed to monitor thousands of configurations and user permissions daily to secure the organization’s SaaS app stack.
Users, Privileged Users Everywhere
One only has to consider the typical employee, untrained in security measures, and how their access or privileges increase the risk of sensitive data being stolen, exposed, or compromised. The ease with which SaaS apps can be deployed and adopted is remarkable — and with employees working everywhere, the need for strengthened governance for privileged access is clear.
This has been a long time coming: SaaS adoption has been gaining ground for years, and the shifts in the working climate have further accelerated the process. Organizations today need the capability to reduce risk caused by over-privileged user access and streamline user-to-app access audit reviews by gaining consolidated visibility of a person’s accounts, permissions, and privileged activities across their SaaS estate.
Ransomware through SaaS
When threat actors decide to target your SaaS applications, their methods can range from basic to sophisticated. Similar to what Kevin Mitnick shows in his RansomCloud video, a traditional attack on a line-of-business email account through a SaaS application follows this pattern:
- Cybercriminal sends an OAuth application phishing email.
- User clicks on the link.
- User signs into their account.
- Application requests the user to allow access to read email and other functionalities.
- User clicks “accept.”
- This creates an OAuth token which is sent directly to the cybercriminal.
- The OAuth token gives the cybercriminal control over the cloud-based email or drive, etc. (based on the scopes of the access that was granted).
- Cybercriminal uses OAuth to access email or drive, etc., and encrypt it.
- The next time the user signs into their email or drive, etc., they will find their info encrypted. The ransomware attack has been deployed.
- The user receives a message that their email has been encrypted and they need to pay to retrieve access.
This is a specific type of attack through SaaS; however, other malicious attacks through OAuth applications can occur in an organization’s environment.
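A defender-side check for the consent step in the pattern above, as an added example that is not part of the original article: it flags OAuth grants whose scopes allow modifying mail or files when the app is not on an approved list. The grant record layout, app ids and allowlist are constructed assumptions; the scope names are real Microsoft Graph and Google scopes.

```python
# Added example: audit third-party OAuth grants for the access the attack above relies on.
# Record layout, app ids and allowlist are constructed assumptions, not a vendor export format.

# Delegated scopes that allow changing (and therefore encrypting) mail or files.
WRITE_SCOPES = {s.lower() for s in (
    "Mail.ReadWrite", "Files.ReadWrite", "Files.ReadWrite.All",           # Microsoft Graph
    "https://mail.google.com/", "https://www.googleapis.com/auth/drive",  # Google
)}
REFRESH_SCOPE = "offline_access"        # refresh token: access continues after the access token expires
APPROVED_APP_IDS = {"app-0001-backup"}  # hypothetical allowlist of vetted apps
SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2}

SAMPLE_GRANTS = [  # constructed records
    {"user": "alice", "app_id": "app-0001-backup", "publisher_verified": True,
     "scopes": ["Files.ReadWrite.All", "offline_access"]},
    {"user": "bob", "app_id": "app-7f3a-mailtools", "publisher_verified": False,
     "scopes": ["Mail.ReadWrite", "offline_access"]},
    {"user": "carol", "app_id": "app-22c9-calendar", "publisher_verified": True,
     "scopes": ["Calendars.Read", "User.Read"]},
    {"user": "dave", "app_id": "app-9d10-docsign", "publisher_verified": True,
     "scopes": ["Files.ReadWrite"]},
    {"user": "erin", "app_id": "app-51be-viewer", "publisher_verified": False,
     "scopes": ["https://www.googleapis.com/auth/drive"]},
]

def assess_grant(grant, approved=APPROVED_APP_IDS):
    """Return a finding dict for a risky grant, or None if the grant is acceptable."""
    scopes = {s.lower() for s in grant["scopes"]}
    write = sorted(scopes & WRITE_SCOPES)
    if grant["app_id"] in approved or not write:
        return None                      # vetted app, or no write access to mail/files
    if grant.get("publisher_verified", False):
        severity = "medium"              # write access, known publisher: review
    elif REFRESH_SCOPE in scopes:
        severity = "critical"            # unverified app with write access that persists
    else:
        severity = "high"                # unverified app with write access
    return {"user": grant["user"], "app_id": grant["app_id"],
            "severity": severity, "write_scopes": write}

def audit(grants):
    """Assess every grant and return findings, most severe first."""
    findings = [f for f in map(assess_grant, grants) if f]
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f["severity"]])

if __name__ == "__main__":
    for f in audit(SAMPLE_GRANTS):
        print(f"{f['severity']:8} {f['user']:6} {f['app_id']:20} {', '.join(f['write_scopes'])}")
```

Scope names are compared case-insensitively, so findings report them in lowercase.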