The New Weak Link in SaaS Security: Devices

EASTER · Jul 21, 2022

https://thehackernews.com/2022/07/the-new-weak-link-in-saas-security.html

Typically, when threat actors look to infiltrate an organization's SaaS apps, they look to SaaS app misconfigurations as a means of entry. However, employees now use their personal devices, whether their phones or laptops, etc., to get their jobs done. If the device's hygiene is not up to par, it increases the risk for the organization and widens the attack surface for bad actors. And so, Endpoint (Device) Protection — through EDR, XDR, and vulnerability management solutions – has arisen as a critical factor in SaaS Security.

The challenge in remediating the threats posed by endpoints and devices lies in the ability to correlate between the SaaS app users, their roles, and permissions with their associated devices' compliance and integrity levels. This end-to-end approach is what's needed for the organization to implement a holistic, zero-trust approach for their SaaS Security.
Click to expand...

How do you classify high-risk devices in the context of SaaS security?

Devices that are owned, or used by users with high levels of permission to the company's core SaaS apps. For example, someone who has high levels of access to the company's CRM can present a high risk to the company if their device is vulnerable and this needs to be remediated immediately. These high-risk devices serve as a critical threat vector to an organization's SaaS environment.

Security teams should continuously map devices to their users and their associated permissions to get a handle on which devices/users pose the highest risk.
Click to expand...

Log in or Sign up

The New Weak Link in SaaS Security: Devices

EASTER Registered Member

Log in or Sign up

The New Weak Link in SaaS Security: Devices

EASTER Registered Member

Useful Searches