Business Security Weekly (Audio) Shadow Risks in SaaS, Cybersecurity Market Has Lost Its Mind, and Rise of the CTrO - Mike Puglia - BSW #424
Dec 3, 2025
In this discussion, Mike Puglia, General Manager of Kaseya Labs and a cybersecurity veteran, addresses the hidden threats in SaaS applications like Microsoft 365 and Salesforce. He highlights how attackers exploit weaknesses via hijacked tokens and misconfigured settings. Mike also emphasizes the importance of protections that go beyond the basics, such as implementing telemetry and managing SaaS integrations. The conversation explores the evolving role of the Chief Trust Officer and strategies for SMEs to enhance SaaS security while navigating the complexities of modern IT infrastructure.
SaaS Is A Critical Blind Spot
- SaaS applications (Google, Microsoft 365, Salesforce) are blind spots compared to endpoints and networks.
- Compromise of a SaaS account can be as devastating as a server breach because of documents, authentication, and business workflows.
You Can't Fully Outsource SaaS Risk
- Organizations outsourced perceived security to cloud providers but cannot fully outsource the risk.
- Resilience depends on monitoring your tenant and planning for provider outages and authentication loss.
Instrument Your SaaS Tenants
- Monitor and instrument your tenant or instance to get visibility into anomalous activity.
- Use centralized detection across Microsoft 365, Salesforce, and Google Workspace rather than relying on each vendor's native logs.
