Breakpoint Security Podcast
Breakpoint-'Exploring the depths of Defensive Security'. The defensive side of Security is a world in itself with teams achieving amazing feats that involve excellent engineering practices and smart optimisation for scale. This is not talked about enough in the industry. Join me in the br3akp0int podcast as we reflect on the methods and approaches these smart teams use to solve practical challenges in information security and innovate their way into the future. Who is this meant for? : This podcast is for anyone in InfoSec willing to know more about advances in security techniques. This includes security researchers or professionals, product owners, compliance or cloud, AI/ML, threat intel, SecOps automation, Security Leaders, development teams, pentesters and security practitioners. A bit about me: I am a technical security enthusiast and have been dabbling my hands at both offensive and defensive security. I am passionate about growing security communities and have spoken and trained at various security conferences.
Breakpoint Security Podcast
#S02EP09 | Controlling your SaaS Sprawl with a SaaS Security Platform | Abhishek Anand
Just like cloud is omnipresent in 2023, SaaS sprawl is just as prevalent. A company on an average uses 110 SaaS apps and broadly 70% of the software that is being run is SaaS with issues even more severe at enterprise level.
SaaS security today is thought of as an IAM problem solved with an SSO integration but issues go beyond that, with misconfigurations leading to leaked data, insecure SaaS plugins opening up new threat vectors and how your services talk to other SaaS apps.
A lot of cloud security issues can be solved in orgs with good engineering practices but SaaS security is harder because users are spread across the organization and each tool has its own nuances, so IT/security teams find it hard to manage well. The general practice of allowing users to bring their own plugins and ways of use around SaaS apps is what creates security issues.
In this episode, we dive deep into SSP implementations for organisations.
Guest: Abhishek Anand, Co-Founder Koala Lab
Abhishek is a technology leader who built Housingdotcom as CTO and most recently built cloud infra at Whitehat Jr, where he led the platform and SRE teams. Over the course of his career, he has solved varied security problems and is currently building KoalaLab based on inspiration during his time building and securing infrastructure for these fast-growing companies.
Recommended reading/viewing for practitioners:
- SaaS Sprawl: https://www.zippia.com/advice/saas-industry-statistics
- 38% of companies run almost entirely on SaaS
- As of 2021, an average of 110 SaaS apps are used per organization.
- Approximately 70% of total company software use is SaaS as of 2022. However, this number has the potential to reach up to 85% by 2025, indicating that SaaS as software will only continue to become more popular.
- Salesforce leak of data: https://krebsonsecurity.com/2023/04/many-public-salesforce-sites-are-leaking-private-data/
- Google drive leaks: https://ny.chalkbeat.org/2021/8/5/22612388/data-breach-nyc-students-staff-google-drive
- Case: https://www.wired.co.uk/article/nhs-covid-19-app-health-status-future
- TL;DR: https://tldrsec.com/- Good newsletter covering a lot of security research
- SSP Coverage Reference: https://www.koalalab.com/saas-security
I would love to hear your suggestions and feedbacks, please DM me. If you liked this episode, please share with others in the community. It always means a lot!
If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; checkout my handles below:
- Twitter: @NeeluTripathy
- LinkedIn: neelutripathy
