Cloud Security Podcast by Google

EP148 Decoding SaaS Security: Demystifying Breaches, Vulnerabilities, and Vendor Responsibilities

Nov 12, 2023

Adrian Sanabria, Director of Valence Threat Labs, talks about the structured approach to securing SaaS and the realistic threats to SaaS tools. They discuss the Microsoft 365 breach and the need for CVEs in SaaS vulnerabilities. The least understood aspects of securing SaaS are also addressed. The misconception that SaaS vendors handle all security responsibilities is debunked. The importance of IAM culture and hygiene governance in SaaS security is emphasized.

29:44

Creator website

Episode guests

Adrian Sanabria

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Recent breaches have highlighted the need for customers to take steps to secure their own SaaS usage.

Effective SaaS security requires attention to detail and a focus on hygiene and governance practices.

Deep dives

Securing SaaS: Challenges and Unique Aspects

Securing SaaS platforms poses unique challenges. Each SaaS platform has its own configuration options and security features. Many businesses assume that configuring security settings is sufficient to secure SaaS, but recent breaches have shown that the risk of a SaaS vendor being breached is not negligible. While top-tier vendors may have stronger security measures, paper security, contracts, and questionnaires are not always enough. Shared responsibility between customers and SaaS vendors can be blurred, making it necessary for customers to take steps to secure their own SaaS usage.

Introduction

4min

The Evolution of SaaS Security and Application Integration

2min

Challenges of Shared Responsibility, Lack of Logs, and Recurring Security Issues

2min

CVEs in Cloud and SaaS Security

6min

The Misconception of SaaS Security Vendors and the Importance of IAM Culture

13min

Hygiene Governance Focus and Recommended Reading for SaaS Security

3min

Guest:

Adrian Sanabria, Director of Valence Threat Labs at Valence Security, ex-analyst

Topics:

When people talk about “cloud security” they often forget SaaS, what should be the structured approach to using SaaS securely or securing SaaS?
What are the incidents telling us about the realistic threats to SaaS tools?
Is the Microsoft 365 breach a SaaS breach, a cloud breach or something else?
Do we really need CVEs for SaaS vulnerabilities?
What are the least understood aspects of securing SaaS?
What do you tell the organizations who assume that “SaaS vendor takes care of all SaaS security”?
Isn’t CASB the answer to all SaaS security issues? We also have SSPM now too? Do we really need more tools?

Resources:

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

Cloud Security Podcast by Google

EP148 Decoding SaaS Security: Demystifying Breaches, Vulnerabilities, and Vendor Responsibilities

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Securing SaaS: Challenges and Unique Aspects

The Importance of Lifecycle Management in SaaS Security

Challenges in Implementing SaaS Security

The Evolution of CASB and the Need for Next-Gen SaaS Security

Remember Everything You Learn from Podcasts