Solution secures sensitive data in SaaS apps and integrates with 15 popular services including Salesforce, JIRA, GitHub, and Slack. Credit: Jeremy Perkins Data security authorization vendor Veza has announced a new solution for access security and governance across SaaS applications including Salesforce, GitHub, and Slack. Veza for SaaS Apps allows customers to automate access reviews, find and fix privilege access violations, trim privilege sprawl, and prevent SaaS misconfigurations – securing the attack surface associated with widespread SaaS app usage and enabling compliance with frameworks like ISO 27001 and GDPR, according to the firm.Organizations maintain an average of 125 different SaaS applications, but IT is typically only aware of a third of those due to decentralized ownership and sourcing, according to Gartner. As SaaS apps grow in popularity, security teams face significant challenges in managing and protecting the spread of data they use, with security and governance typically failing to keep pace with the rise of SaaS app usage. Securing access is complicated due to app-specific role-based access controls that many SaaS apps use. Meanwhile, SaaS apps are vulnerable to privilege sprawl and risky misconfigurations if security teams lack visibility of them.Veza for SaaS Apps features privileged access alerts, access control misconfiguration detectionVeza for SaaS Apps enables customers to secure sensitive data in SaaS apps against breaches, ransomware, and insider threats, Veza said in a press release. It integrates with 15 popular SaaS applications including Salesforce, JIRA, Confluence, Coupa, Netsuite, GitHub, Gitlab, Slack, and Bitbucket via an out-of-band approach designed for increased flexibility, the firm added. Capabilities of Veza for SaaS Apps include: Privileged access monitoring alerts security teams of new grants of privileged access and privilege drift in SaaS apps, including new local admins in Salesforce. The solution monitors both human identities and machine identities like service accounts and third-party integrations, according to Veza.User access reviews and entitlement certifications automate the identity governance and administration process of periodic access reviews. The solution uses workflow rules to route requests for certification and provides decision-makers with authorization context to choose the least-permissive role, the company said.Monitoring of SaaS apps scans for administrative misconfigurations and policy violations with over 100 pre-built queries to monitor and detect common misconfigurations in permissions and access controls. As an example, the solution will alert the security team when users have access to sensitive data but do not have multifactor authentication (MFA) enabled.SaaS growth introduces cybersecurity shifts for organizationsLast October, the Cloud Security Alliance published SaaS Governance Best Practices for Cloud Customers, a whitepaper outlining a baseline set of fundamental security and governance practices for SaaS environments. It stated that organizations should develop SaaS-specific security strategies and architectures that guide the deployment and maintenance of SaaS applications, built around governing evaluation, adoption, usage, and termination of SaaS services.Organizations also need to ensure they consider SaaS providers as part of their third-party risk management programs and that incident response and business continuity plans and processes are updated accordingly, the guidance added. “The SaaS environment ultimately presents a shift in the way organizations handle cybersecurity that introduces a shared responsibility between producers and consumers. Failing to adjust accordingly can have devastating consequences such as disclosing sensitive data, loss of revenue, customer trust, and regulatory consequences,” the document read. Related content news Zscaler shuts down exposed system after rumors of a cyberattack Initially dismissing rumors, Zscaler now says it did have a system exposed but nothing important has been accessed. By Shweta Sharma May 09, 2024 3 mins Data Breach Cyberattacks news Palo Alto launches AI-powered solutions to fight AI-generated cyberthreats The suite is powered by Palo Alto’s proprietary solution, Precision AI, which integrates machine learning, deep learning, and generative AI technologies. By Prasanth Aby Thomas May 09, 2024 3 mins Generative AI Security Software news F5 patches BIG-IP Next Central Manager flaws that could lead to device takeover Two high-risk vulnerabilities could allow attackers to gain full administrative control on devices via leaked password hashes. By Lucian Constantin May 08, 2024 5 mins Threat and Vulnerability Management Cloud Security Vulnerabilities news Suspected Chinese hack of Britain’s Ministry of Defence linked to contractor, minister confirms The UK’s defence minister would not confirm that the attack was conducted by an element of the Chinese state, rather blaming the “potential failings” of a partner. By John Dunn May 08, 2024 4 mins Aerospace and Defense Industry Data Breach Government PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe