With 2021 drawing to a close and many organizations finalizing their plans
and budgets for 2022, the time has come for a brief wrap-up of the SaaS
security challenges on the horizon.
Here are the top 3 SaaS security posture challenges as we see
them.
1 — The Mess of Misconfiguration Management
The good news is that more businesses than ever are using SaaS
apps such as GitHub, Microsoft 365, Salesforce, Slack,
SuccessFactors, Zoom, and many others, to enable employees to
maintain productivity under the most challenging of circumstances.
As for the bad news, many companies are having a hard time
adequately addressing the ever-changing security risks of each
app.
This challenge begins with a simple miscalculation: businesses task their
security teams with making sure the security configurations of each app
are set correctly.
While that may seem like the logical choice, these apps are like
snowflakes: no two are the same, including their specific settings and
configurations. The problem is compounded in SaaS environments that
contain hundreds of apps. Add it all up and what is left is an
unrealistic burden placed squarely on the shoulders of security teams.
Without a SaaS Security Posture Management (SSPM) solution, these teams
have no practical way to monitor thousands of configurations and user
permissions every day across the organization's SaaS app stack.
Learn more about SaaS Security Posture Management[1]
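The point above is that every app spells the same control differently, so a security team cannot compare them without first normalizing each app's settings onto a common baseline. The following script is an added example of that normalize-then-compare step; it is not code from the article or from Adaptive Shield. The app names are ones the article mentions, but the setting keys, the per-app adapters, the snapshot format and the baseline values are constructed for illustration and are not the vendors' real configuration schemas.

```python
"""Check heterogeneous SaaS app settings against a single security baseline.

Added example, not code from the article or from Adaptive Shield. The apps
named are products the article mentions, but the setting keys, the snapshot
format, the adapters and the baseline values are all constructed for this
illustration and are not the vendors' real configuration schemas.
"""
from dataclasses import dataclass

# Controls we want to hold across every app, expressed once.
# Keys ending in "_max" are upper bounds; the rest must match exactly.
BASELINE = {
    "mfa_enforced": True,
    "public_sharing": False,
    "session_timeout_minutes_max": 480,
}

# Each app spells the same control differently, so a per-app adapter maps
# its raw settings onto the common control names. A value of None means the
# app does not expose that control and it is skipped. (Assumed key names.)
ADAPTERS = {
    "GitHub": lambda s: {
        "mfa_enforced": s.get("two_factor_requirement_enabled"),
        "public_sharing": s.get("members_can_create_public_repositories"),
        "session_timeout_minutes_max": None,
    },
    "Microsoft 365": lambda s: {
        "mfa_enforced": s.get("security_defaults") == "enabled",
        "public_sharing": s.get("sharing_capability") == "ExternalUserAndGuestSharing",
        "session_timeout_minutes_max": s.get("idle_session_timeout_minutes"),
    },
    "Slack": lambda s: {
        "mfa_enforced": s.get("two_factor_auth") == "required",
        "public_sharing": s.get("public_file_links") == "allowed",
        "session_timeout_minutes_max": s.get("session_duration_minutes"),
    },
}


@dataclass(frozen=True)
class Finding:
    app: str
    control: str
    expected: object
    actual: object


def evaluate(snapshots):
    """Return one Finding per (app, control) that deviates from BASELINE."""
    findings = []
    for app, raw in snapshots.items():
        normalized = ADAPTERS[app](raw)
        for control, expected in BASELINE.items():
            actual = normalized.get(control)
            if actual is None:
                continue
            ok = actual <= expected if control.endswith("_max") else actual == expected
            if not ok:
                findings.append(Finding(app, control, expected, actual))
    return findings


# Constructed snapshot, shaped like what a collector might pull from each
# app's admin API; two of the three apps drift from the baseline.
SAMPLE_SNAPSHOTS = {
    "GitHub": {
        "two_factor_requirement_enabled": True,
        "members_can_create_public_repositories": True,
    },
    "Microsoft 365": {
        "security_defaults": "enabled",
        "sharing_capability": "ExistingExternalUserSharingOnly",
        "idle_session_timeout_minutes": 720,
    },
    "Slack": {
        "two_factor_auth": "required",
        "public_file_links": "disabled",
        "session_duration_minutes": 240,
    },
}

if __name__ == "__main__":
    for f in evaluate(SAMPLE_SNAPSHOTS):
        print(f"{f.app}: {f.control} expected {f.expected!r}, found {f.actual!r}")
```

Run on the constructed snapshot it reports two deviations: GitHub members may create public repositories, and the Microsoft 365 idle session timeout exceeds the baseline. The adapters are the part that grows with every app added; the baseline and the comparison loop do not change, which is the separation an SSPM tool has to maintain at scale.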
2 — Users, Privileged Users Everywhere
Consider the typical employee, untrained in security measures, and how
their access and privileges increase the risk of sensitive data being
stolen, exposed, or compromised. SaaS apps are remarkably easy to deploy
and adopt, and with employees working from everywhere, the need for
stronger governance of privileged access is clear.
This has been a long time coming: SaaS adoption has been gaining ground
for years, and the shifts in the working climate have only accelerated it.
Organizations today need the capability to reduce the risk caused by
over-privileged user access and to streamline user-to-app access reviews
by gaining consolidated visibility of each person's accounts, permissions,
and privileged activities across their SaaS estate.
Learn more about managing and monitoring privileged user access in your SaaS environment[2]
3 — Ransomware through SaaS
When threat actors decide to target your SaaS applications, their methods
range from the basic to the sophisticated. Similar to what Kevin Mitnick
demonstrates in his RansomCloud video[3], a typical attack on a business
email account through a SaaS application follows this pattern:
- Cybercriminal sends an OAuth application phishing email.
- User clicks on the link.
- User signs into their account.
- Application requests the user to allow access to read email and other functionalities.
- User clicks “accept.”
- This creates an OAuth token which is sent directly to the cybercriminal.
- The OAuth token gives the cybercriminal control over the cloud-based email or drive, etc. (based on the scopes of what access was given).
- Cybercriminal uses OAuth to access email or drive, etc., and encrypt it.
- The next time the user signs into their email or drive, etc., they will find their info encrypted. The ransomware attack has deployed.
- The user receives a message that their email has been encrypted and they need to pay to retrieve access.
This is a specific type of attack through SaaS; however, other
malicious attacks through OAuth applications can occur in an
organization’s environment.
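The flow above succeeds at the step where the user clicks "accept": the consent grant itself is the foothold, and it is logged by the identity provider. The script below is an added example of triaging such consent grants for the combination the attack needs (write access to mail or files, a refresh token, an unverified app, an unexpected redirect). It is not code from the article, from Kevin Mitnick's demo or from Adaptive Shield. The event format is constructed; the scope strings are Microsoft Graph delegated permission names, which assumes a Microsoft 365 tenant; the trusted redirect host and the revoke threshold are assumptions for the example.

```python
"""Score third-party OAuth consent grants and pick out the ones to revoke.

Added example, not code from the article, from Kevin Mitnick's RansomCloud
demo or from Adaptive Shield. The consent-event format is constructed. The
scope strings are Microsoft Graph delegated permission names, which assumes
a Microsoft 365 tenant; the trusted redirect hosts and the revoke threshold
are assumptions for this example.
"""
from urllib.parse import urlparse

# Scopes that let the holder read and then overwrite a mailbox or drive,
# which is what encrypting the data in place requires.
HIGH_RISK_SCOPES = {
    "Mail.ReadWrite",
    "MailboxSettings.ReadWrite",
    "Files.ReadWrite",
    "Files.ReadWrite.All",
}
# offline_access yields a refresh token, so the grant outlives the user's session.
PERSISTENCE_SCOPES = {"offline_access"}
# Redirect hosts for apps the organization actually registered (assumed).
TRUSTED_REDIRECT_HOSTS = {"app.example-corp.com"}


def assess_grant(event):
    """Return a dict with the risk reasons found and a revoke decision."""
    scopes = set(event["scopes"].split())
    reasons = []
    if scopes & HIGH_RISK_SCOPES:
        reasons.append("read/write access to mailbox or drive")
    if scopes & PERSISTENCE_SCOPES:
        reasons.append("refresh token via offline_access")
    if not event.get("publisher_verified", False):
        reasons.append("unverified publisher")
    host = urlparse(event["redirect_uri"]).hostname
    if host not in TRUSTED_REDIRECT_HOSTS:
        reasons.append(f"redirect to unexpected host {host}")
    # Revoke only when the grant can actually reach the data and at least two
    # other warning signs are present; lower scores go to a human reviewer.
    revoke = len(reasons) >= 3 and reasons[0].startswith("read/write")
    return {
        "app": event["app_display_name"],
        "user": event["user"],
        "reasons": reasons,
        "revoke": revoke,
    }


def grants_to_revoke(events):
    """Grants that meet the revoke rule, in input order."""
    return [a for a in map(assess_grant, events) if a["revoke"]]


# Constructed consent events. The first matches the RansomCloud pattern:
# mailbox and drive write access plus a refresh token, granted to an
# unverified app that redirects to an outside host.
SAMPLE_EVENTS = [
    {
        "app_display_name": "Mail Backup Pro",
        "user": "dave@example.com",
        "scopes": "User.Read Mail.ReadWrite Files.ReadWrite.All offline_access",
        "publisher_verified": False,
        "redirect_uri": "https://mailbackup-pro.example.net/cb",
    },
    {
        "app_display_name": "Corp Expense Tool",
        "user": "erin@example.com",
        "scopes": "User.Read Calendars.Read",
        "publisher_verified": True,
        "redirect_uri": "https://app.example-corp.com/oauth/callback",
    },
    {
        "app_display_name": "Ticket Sync",
        "user": "frank@example.com",
        "scopes": "Mail.Read offline_access",
        "publisher_verified": True,
        "redirect_uri": "https://app.example-corp.com/oauth/callback",
    },
]

if __name__ == "__main__":
    for a in map(assess_grant, SAMPLE_EVENTS):
        action = "REVOKE" if a["revoke"] else "review" if a["reasons"] else "ok"
        print(f"{action:6} {a['app']} ({a['user']}): {'; '.join(a['reasons']) or 'no findings'}")
```

Only the first grant is marked for revocation; the third carries a refresh token but read-only mail scope from a verified publisher, so it is queued for review rather than revoked. Revoking the consent invalidates the tokens the attacker obtained at the "accept" step, which is why consent-grant monitoring catches this attack earlier than looking for the encrypted mailbox would.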
Final Thoughts
Gartner named this domain one of the “4 Must-Have Technologies That Made the
Gartner Hype Cycle for Cloud Security, 2021”[4].
With a SaaS Security Posture Management (SSPM)
platform[5], like Adaptive Shield,
you can prevent such attacks and automate the prioritization and
remediation processes to fix any misconfiguration issues as they
happen.
References
- [1] Learn more about SaaS Security Posture Management (www.adaptive-shield.com)
- [2] Learn more about managing and monitoring privileged user access in your SaaS environment (www.adaptive-shield.com)
- [3] Kevin Mitnick in his RansomCloud video (www.youtube.com)
- [4] 4 Must-Have Technologies That Made the Gartner Hype Cycle for Cloud Security, 2021 (www.gartner.com)
- [5] SaaS Security Posture Management (SSPM) platform (www.adaptive-shield.com)
Read more https://thehackernews.com/2021/12/top-3-saas-security-threats-for-2022.html