EP148 Decoding SaaS Security: Demystifying Breaches, Vulnerabilities, and Vendor Responsibilities

Guest:

• Adrian Sanabria, Director of Valence Threat Labs at Valence Security, ex-analyst

Topics:

• When people talk about "cloud security" they often forget SaaS, what should be the structured approach to using SaaS securely or securing SaaS?

• What are the incidents telling us about the realistic threats to SaaS tools?

• Is the Microsoft 365 breach a SaaS breach, a cloud breach or something else?

• Do we really need CVEs for SaaS vulnerabilities?

• What are the least understood aspects of securing SaaS?

• What do you tell the organizations who assume that "SaaS vendor takes care of all SaaS security"?

• Isn't CASB the answer to all SaaS security issues? We also have SSPM now too? Do we really need more tools?

Resources:

• VIdeo (LinkedIn, YouTube)

• EP76 Powering Secure SaaS … But Not with CASB? Cloud Detection and Response?

• Valence 2023 State of SaaS Security report

• DHS Launches First-Ever Cyber Safety Review Board

• Enterprise Security Weekly podcast

• CloudVulnDb and another cloud vulnerability list

• Cyber Safety Review Board (CSRB) by CISA