Top SaaS Security Dangers for 2022

Working in the cloud has gained great importance in recent years. We are increasingly working remotely and need to access files from any location. However, the cloud brings with it a range of terms, features and services, one of which is SaaS. The year 2021 is ending and it is time to take stock and establish budgets for 2022. In this regard, we must be prepared for the new challenges ahead. In this article we are going to look at the main dangers to SaaS security for 2022.

SaaS, in case you don’t know, stands for Software as a Service. It is a service that offers the user a specific application without having to install anything. In addition to SaaS there are other cloud services such as IaaS, PaaS and CaaS, each with its own particularities. Now let’s go through the SaaS security dangers that we need to address.

The problem of misconfiguration management

More and more companies are using SaaS applications such as Microsoft 365, Slack, and many others. The goal is for workers to stay productive through the challenges of the pandemic and remote work. However, it is not all good news: many organizations are having a difficult time properly addressing the changing security risks of each application. The problem starts with a misconception: companies assign security teams all the work of ensuring that the security settings for each application are properly configured.

Although the idea may seem reasonable, the situation is very complex because no two applications are the same, so each one has different configurations. The impact is even greater in SaaS environments, which contain hundreds of applications. As a result, SaaS security is very complex to address, and a very heavy workload falls squarely on the shoulders of security teams.

For that reason, these teams cannot monitor thousands of user permissions and settings on a daily basis to secure the organization’s SaaS application stack unless they have a SaaS Security Posture Management (SSPM) solution.

Dangers of excessive user privileges

Many companies have the typical worker who is not trained in security measures. If that worker also has access to privileges they should not have, the risk increases that confidential information may be stolen, exposed or compromised. Today’s employees work everywhere, and privileged access to data needs strengthened governance.

SaaS security in companies depends on reducing the dangers caused by users with excessive privileges. You also need to streamline audit reviews of user access to applications and gain consolidated visibility into each person’s account permissions and privileged activities.

Ransomware and SaaS security

When cybercriminals decide to target SaaS applications, they can use more or less sophisticated procedures. In this regard, Kevin Mitnick in his video RansomCloud shows us an attack on a business email account through a SaaS application. The attack follows these steps:

  1. The cybercriminal sends a phishing email.
  2. The victim / user clicks the link and logs into their account.
  3. Then the application asks the user to allow access to read email and other functionalities. The victim clicks “OK”.
  4. An OAuth token is then created and sent directly to the cybercriminal. This OAuth token gives the cybercriminal control over the email or the cloud drive.
  5. The cybercriminal uses the OAuth token to access the email or cloud drive and encrypts it.
  6. Upon logging in, the victim will see their information encrypted and that the ransomware attack has been executed.
  7. The user receives a message asking to pay a ransom to regain access.

This is a typical attack that can affect our company’s SaaS security. Here’s why you shouldn’t pay a ransomware ransom. Finally, to prevent these types of attacks, automate prioritization processes and correct any misconfiguration problems.
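Steps 3 to 5 leave two traces a defender can look for: a consent grant that hands an unverified application mail or file scopes, and a burst of writes by that application on the same account shortly afterwards. The following is an added example, not code from the original article or from any vendor: the event schema, application names and thresholds are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Delegated scopes that let an app read or rewrite mail and files (steps 3-5).
RISKY_SCOPES = {"Mail.Read", "Mail.ReadWrite", "Files.ReadWrite.All"}
BURST_WINDOW = timedelta(minutes=10)   # assumed tuning value
BURST_THRESHOLD = 5                    # writes by one app on one account

def _write(user, app, minute):
    return {"ts": f"2022-01-10T10:{minute:02d}:00", "type": "write",
            "user": user, "app": app}

# Constructed sample audit events; the field names are a hypothetical schema.
EVENTS = [
    {"ts": "2022-01-10T09:00:00", "type": "consent", "user": "alice",
     "app": "app-calendar", "scopes": ["User.Read"], "verified": True},
    {"ts": "2022-01-10T09:58:00", "type": "consent", "user": "bob",
     "app": "app-mailsync", "scopes": ["Mail.ReadWrite", "offline_access"],
     "verified": False},
    {"ts": "2022-01-10T09:59:00", "type": "consent", "user": "carol",
     "app": "app-notes", "scopes": ["Files.ReadWrite.All"], "verified": False},
    _write("carol", "app-notes", 30),  # a single write: no burst
] + [_write("bob", "app-mailsync", m) for m in range(1, 7)]

def find_suspicious_grants(events):
    """Consent events where an unverified app obtained a risky scope."""
    return [e for e in events if e["type"] == "consent"
            and not e["verified"] and RISKY_SCOPES & set(e["scopes"])]

def find_write_bursts(events, grants):
    """Correlate each flagged grant with a later write burst by the same app."""
    alerts = []
    for g in grants:
        granted = datetime.fromisoformat(g["ts"])
        writes = sorted(
            t for t in (datetime.fromisoformat(e["ts"]) for e in events
                        if e["type"] == "write" and e["app"] == g["app"]
                        and e["user"] == g["user"])
            if t >= granted)
        # Slide over the sorted timestamps looking for THRESHOLD writes in WINDOW.
        for i in range(len(writes) - BURST_THRESHOLD + 1):
            if writes[i + BURST_THRESHOLD - 1] - writes[i] <= BURST_WINDOW:
                alerts.append((g["user"], g["app"], writes[i].isoformat()))
                break
    return alerts

if __name__ == "__main__":
    grants = find_suspicious_grants(EVENTS)
    print([g["user"] for g in grants], find_write_bursts(EVENTS, grants))
```

The grant check alone gives an early review queue before any data is touched; the burst correlation raises the priority of the grants that are followed by mass modification.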