In the era of hacking and malicious actors, a company’s cloud security posture is a concern that preoccupies most, if not all, organizations.
Yet even more than that, it is the SaaS Security Posture Management (SSPM) that is critical to today’s company security. Recently Malwarebytes released a statement on how they were targeted by Nation-State Actors implicated in SolarWinds breach. Their investigation suggested abuse of privileged access to Microsoft Office 365 and Azure environments.
Often left unsecured, it’s SaaS setting errors like misconfigurations, inadequate legacy protocols, insufficient identity checks, credential access, and key management that leave companies open to account hijacking, insider threats, and other types of leaks or breaches in the organization.
Gartner has defined the SaaS Security Posture Management (SSPM) category in 2020’s Gartner Hype Cycle for Cloud Security as solutions that continuously assess the security risk and manage SaaS applications’ security posture. Many don’t realize that there are two sides to securing company SaaS apps.
While SaaS providers build in a host of security features designed to protect the company and user data, potential vulnerabilities and configuration weakness still arise stemming from the company’s management of those configurations and user roles.
images from Hacker News