Solution secures sensitive data in SaaS apps and integrates with 15 popular services including Salesforce, JIRA, GitHub, and Slack.

Data security authorization vendor Veza has announced a new solution for access security and governance across SaaS applications including Salesforce, GitHub, and Slack. Veza for SaaS Apps allows customers to automate access reviews, find and fix privilege access violations, trim privilege sprawl, and prevent SaaS misconfigurations – securing the attack surface associated with widespread SaaS app usage and enabling compliance with frameworks like ISO 27001 and GDPR, according to the firm.

Organizations maintain an average of 125 different SaaS applications, but IT is typically only aware of a third of those due to decentralized ownership and sourcing, according to Gartner. As SaaS apps grow in popularity, security teams face significant challenges in managing and protecting the spread of data they use, with security and governance typically failing to keep pace with the rise of SaaS app usage. Securing access is complicated due to app-specific role-based access controls that many SaaS apps use. Meanwhile, SaaS apps are vulnerable to privilege sprawl and risky misconfigurations if security teams lack visibility of them.

Veza for SaaS Apps features privileged access alerts, access control misconfiguration detection

Veza for SaaS Apps enables customers to secure sensitive data in SaaS apps against breaches, ransomware, and insider threats, Veza said in a press release. It integrates with 15 popular SaaS applications including Salesforce, JIRA, Confluence, Coupa, Netsuite, GitHub, Gitlab, Slack, and Bitbucket via an out-of-band approach designed for increased flexibility, the firm added. Capabilities of Veza for SaaS Apps include:

Privileged access monitoring alerts security teams of new grants of privileged access and privilege drift in SaaS apps, including new local admins in Salesforce. The solution monitors both human identities and machine identities like service accounts and third-party integrations, according to Veza.

User access reviews and entitlement certifications automate the identity governance and administration process of periodic access reviews. The solution uses workflow rules to route requests for certification and provides decision-makers with authorization context to choose the least-permissive role, the company said.

Monitoring of SaaS apps scans for administrative misconfigurations and policy violations with over 100 pre-built queries to monitor and detect common misconfigurations in permissions and access controls. As an example, the solution will alert the security team when users have access to sensitive data but do not have multifactor authentication (MFA) enabled.

SaaS growth introduces cybersecurity shifts for organizations

Last October, the Cloud Security Alliance published SaaS Governance Best Practices for Cloud Customers, a whitepaper outlining a baseline set of fundamental security and governance practices for SaaS environments. It stated that organizations should develop SaaS-specific security strategies and architectures that guide the deployment and maintenance of SaaS applications, built around governing evaluation, adoption, usage, and termination of SaaS services.

Organizations also need to ensure they consider SaaS providers as part of their third-party risk management programs and that incident response and business continuity plans and processes are updated accordingly, the guidance added. “The SaaS environment ultimately presents a shift in the way organizations handle cybersecurity that introduces a shared responsibility between producers and consumers. Failing to adjust accordingly can have devastating consequences such as disclosing sensitive data, loss of revenue, customer trust, and regulatory consequences,” the document read.