With the current global economic downturn, budget cuts and layoffs are taking their toll on organizations across all sectors, with security teams often significantly hurt by these ramifications. CISOs must therefore find innovative ways to close the gap between shrinking budgets and increasing security demands, and must become more lean, efficient and cost-effective, without degrading their security posture in the process.       

The economic change may lead to business slowing down, but hackers won’t – they will only become more aggressive as they grow more desperate to find lucrative targets. Therefore, security teams should prioritize automating manual and labor-intensive tasks by using technology and democratizing security remediation processes to accommodate modern, decentralized IT environments. 

Today, the democratization of IT has empowered business users across organizations to directly manage best-of-breed SaaS applications themselves, without IT security review or governance. This trend has greatly reduced deployment time and enhanced business agility, productivity and collaboration within countless organizations as they grow increasingly interconnected to automate business processes and data exchange. These integrations use direct APIs, OAuth apps in SaaS marketplaces, and no-low code citizen development platforms such as Zapier, Workato, and Mulesoft. 

Now, every business unit and end user has the ability to adopt new SaaS applications and integrate third-party vendors that constantly change and expand the SaaS topology, making manual tracking of these changes increasingly laborious and inefficient. The risk of unvetted supply chain access to business-critical applications grows, while security teams struggle with ensuring proper coverage of third-party risk management (TPRM) programs that lack context and visibility into which vendors have access to their applications and the scope/exposure of such access. 

SaaS supply chain attacks will accelerate 

The authors of Verizon’s recently published 15th Annual Data Breach Investigations Report note a sudden, explosive growth in incidents related to third-party vendors and the SaaS supply chain in the past couple of years. They point to the SolarWinds attack of late 2020 – and the cascade of data breach incidents in 2021 that flowed from that initial hack – as the ignition point for SaaS supply chain attacks. They say the trend indicates some larger forces at work, and likely portends a needed shift in cybersecurity priorities going forward. The multiple supply chain breaches occurring in just the first few months of 2022, including the GitHub OAuth attack campaign and Okta (LAPSUS$) breach, certainly reinforce this line of thinking. It is critical to quickly mitigate the vulnerabilities related to third-party integrations with core SaaS applications that can increase the risk of supply chain attacks. Doing so cost-effectively requires a higher degree of automation in mitigation processes. 

Automate with democratized mitigation workflows 

In a perfect world, every new or evolving integration would get approved by the security team before it gains access to the organization. Unfortunately, in today’s modern working environment, security teams are often unfamiliar with business SaaS owners who onboard applications and generate integrations without security oversight. These business owners do not operate with malicious intent; they are most likely unaware of the risks, unsure of what the proper SaaS security workflows entail, or are simply indifferent to security needs if they believe that they get in the way of business needs. Rather than burden IT, HR and myriad other teams tasked with increasing security awareness, automated workflow mitigation solutions do not rely on the individual user and their interest in security controls, and can actually increase employee awareness about SaaS security risks.  

Automated collaboration workflows can inform the user on who they should consult when a problem arises, identify dormant and over-privileged applications, provide business context to their use and alert when integrations are over-privileged. SaaS owners benefit from heightened security awareness with minimal effort, reducing overhead and redundancy, and they will also strengthen their organization’s security posture by enlisting business owners as front-line defenders against supply chain attacks.  

Automate remediation to minimize supply chain risks 

Automated remediation workflows implement deep, comprehensive reviews into existing application stacks on a continuous basis, evaluate sanctioning and ensure offboarding without burdening security and other teams. As an added bonus, democratizing this remediation process across the organization helps distribute effort around mitigation and reduce workloads for IT teams.  

Automation in SaaS-to-SaaS integration security has added value as a way to cut down manual, labor-intensive tasks with automated collaboration and decentralized workflows, allowing security teams to focus on the 5% of events that matter most, while delivering business benefits that will have measurable impact as the market continues to be volatile.  

Yoni Shohet, co-founder and CEO, Valence Security