SaaS continues to represent an ever-expanding component of an organization’s attack surface. Lately, we’ve seen a spike in interest in SaaS management and SaaS security products largely driven by a significant increase in data breaches originating from SaaS applications. As yet another example of the complexities caused by SaaS, 2023 kicked off with Slack announcing it detected a “security issue involving unauthorized access to a subset of Slack’s code repositories.” Slack said an unknown threat actor stole Slack employee tokens and used them to access its external GitHub repository and download some of the company’s code.
Okta and Dropbox each experienced similar security incidents in 2022, in which code repositories were accessed and copied.
The increasing number and scope of GitHub-related security breaches affecting widely adopted SaaS applications show how vulnerable confidential intellectual property or sensitive data can be.
The emerging market of SaaS Management solutions aims to tackle not only operational but also security challenges of SaaS around specific applications like GitHub.
Let’s take a deep dive into the best practices and specific areas those solutions may help address.
What practices can you implement right now to improve your SaaS security posture and minimize your vulnerability to this type of threat? We identified a few valuable initiatives worth putting in place:
By adopting the new approach to SaaS, Axonius lets customers address both the security risk and operational challenges of SaaS.
Axonius SaaS Management enables customers to effectively put these best practices into action by:
“Culture is the foundation for any high-performing team. We all process information differently, we listen differently. We come from different backgrounds and experiences. No matter who you are, I want to know that. I want to understand what makes you you and treat you the way you want to be treated, not how I project myself onto you.”
— Jen Easterly, director, Cybersecurity and Infrastructure Security Agency (CISA)
“[Create an environment] where people can understand when they can take time off and not feel like everything is going to fall apart. [Where] they have a plan for their career and how they’re going to grow. [Where] they have time to be with their friends and family enough not to be burned out.”
— Deidre Diamond, founder and CEO of CyberSN and Security Diversity
“Actively invite engagement, listen with purpose, and look for signs of burnout. You can't expect everyone to feel equally comfortable expressing an opinion, and so it's important to solicit feedback at times as opposed to always passively expecting it. When you are getting engagement, listen with purpose. Make an effort to not only hear what's being said, but understand and empathize. Lastly, look for signs of burnout. … If you're noticing signs of burnout on the team, look for ways to intervene, like ensuring adequate team resourcing/load balancing to create a healthy work/life balance for everyone, and that team members are able to take PTO.”
— Daniel Trauner, senior director of security, Axonius
“We need an environment where failure is not only tolerated, but an understood aspect of innovation. Our attackers are failing forward every single day, [and] we deserve the ability to do the same if we are going to protect our people, data, and organizations.”
— Chris Cochran, co-founder at Hacker Valley Media and creative director at Axonius