Solution secures sensitive data in SaaS apps and integrates with 15 popular services including Salesforce, JIRA, GitHub, and Slack.

Data security authorization vendor Veza has announced a new solution for access security and governance across SaaS applications including Salesforce, GitHub, and Slack. Veza for SaaS Apps allows customers to automate access reviews, find and fix privilege access violations, trim privilege sprawl, and prevent SaaS misconfigurations – securing the attack surface associated with widespread SaaS app usage and enabling compliance with frameworks like ISO 27001 and GDPR, according to the firm.

Organizations maintain an average of 125 different SaaS applications, but IT is typically only aware of a third of those due to decentralized ownership and sourcing, according to Gartner. As SaaS apps grow in popularity, security teams face significant challenges in managing and protecting the spread of data they use, with security and governance typically failing to keep pace with the rise of SaaS app usage. Securing access is complicated by the app-specific role-based access controls that many SaaS apps use. Meanwhile, SaaS apps are vulnerable to privilege sprawl and risky misconfigurations if security teams lack visibility of them.

Veza for SaaS Apps features privileged access alerts, access control misconfiguration detection

Veza for SaaS Apps enables customers to secure sensitive data in SaaS apps against breaches, ransomware, and insider threats, Veza said in a press release. It integrates with 15 popular SaaS applications including Salesforce, JIRA, Confluence, Coupa, NetSuite, GitHub, GitLab, Slack, and Bitbucket via an out-of-band approach designed for increased flexibility, the firm added. Capabilities of Veza for SaaS Apps include:

Privileged access monitoring alerts security teams to new grants of privileged access and privilege drift in SaaS apps, including new local admins in Salesforce. The solution monitors both human identities and machine identities like service accounts and third-party integrations, according to Veza.

User access reviews and entitlement certifications automate the identity governance and administration process of periodic access reviews. The solution uses workflow rules to route requests for certification and provides decision-makers with authorization context to choose the least-permissive role, the company said.

Monitoring of SaaS apps scans for administrative misconfigurations and policy violations with over 100 pre-built queries to monitor and detect common misconfigurations in permissions and access controls. As an example, the solution will alert the security team when users have access to sensitive data but do not have multifactor authentication (MFA) enabled.

SaaS growth introduces cybersecurity shifts for organizations

Last October, the Cloud Security Alliance published SaaS Governance Best Practices for Cloud Customers, a whitepaper outlining a baseline set of fundamental security and governance practices for SaaS environments. It stated that organizations should develop SaaS-specific security strategies and architectures that guide the deployment and maintenance of SaaS applications, built around governing evaluation, adoption, usage, and termination of SaaS services.

Organizations also need to ensure they consider SaaS providers as part of their third-party risk management programs and that incident response and business continuity plans and processes are updated accordingly, the guidance added. “The SaaS environment ultimately presents a shift in the way organizations handle cybersecurity that introduces a shared responsibility between producers and consumers. Failing to adjust accordingly can have devastating consequences such as disclosing sensitive data, loss of revenue, customer trust, and regulatory consequences,” the document read.