SaaS security is difficult because standard cybersecurity controls assume software is owned by the user and runs on the user’s infrastructure. In SaaS, the provider runs the application on its own infrastructure, while customers cannot control the underlying environment. Providers can implement security inside the app, but security outcomes depend on how the app is configured and how users choose to use it. Misconfiguration becomes the most common source of insecurity. The SaaS threat surface grows as more users and departments adopt more SaaS tools, including unapproved “shadow SaaS” and shadow AI. Specialized SaaS security posture management platforms aim to provide visibility and control to reduce breach risk, but complexity increases as the threat surface expands.
"Securing software-as-a-service (SaaS) apps is hard. The standard cybersecurity controls are not designed for SaaS. The difficulty is the software doesn't belong to the user and usually runs on somebody else's infrastructure. Standard cybersecurity products are designed to operate on software owned by the user and housed on the users' infrastructure."
"SaaS providers attempt to maintain security inside their apps, but they cannot control how they are used. Usage varies from user to user and is fundamentally governed by how the app is configured. This configuration is the only native security available to SaaS users, and misconfiguration is the primary and most common source of insecurity."
"The SaaS threat surface is already huge and constantly expanding, with more users and more company departments using more SaaS apps. If downloaded and run locally, this is not always with the knowledge of the IT and security departments, possibly creating shadow SaaS that often includes shadow AI."
"AppOmni is one of the cybersecurity firms offering specialized assistance. It provides a SaaS security posture management (SSPM) platform, aiding visibility into, control over, and reduced breach risk from SaaS apps. But it simply gets harder through the growing size and complexity of the threat surface."
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]