Solution secures sensitive data in SaaS apps and integrates with 15 popular services including Salesforce, JIRA, GitHub, and Slack. Credit: Jeremy Perkins Data security authorization vendor Veza has announced a new solution for access security and governance across SaaS applications including Salesforce, GitHub, and Slack. Veza for SaaS Apps allows customers to automate access reviews, find and fix privilege access violations, trim privilege sprawl, and prevent SaaS misconfigurations – securing the attack surface associated with widespread SaaS app usage and enabling compliance with frameworks like ISO 27001 and GDPR, according to the firm.Organizations maintain an average of 125 different SaaS applications, but IT is typically only aware of a third of those due to decentralized ownership and sourcing, according to Gartner. As SaaS apps grow in popularity, security teams face significant challenges in managing and protecting the spread of data they use, with security and governance typically failing to keep pace with the rise of SaaS app usage. Securing access is complicated due to app-specific role-based access controls that many SaaS apps use. Meanwhile, SaaS apps are vulnerable to privilege sprawl and risky misconfigurations if security teams lack visibility of them.Veza for SaaS Apps features privileged access alerts, access control misconfiguration detectionVeza for SaaS Apps enables customers to secure sensitive data in SaaS apps against breaches, ransomware, and insider threats, Veza said in a press release. It integrates with 15 popular SaaS applications including Salesforce, JIRA, Confluence, Coupa, Netsuite, GitHub, Gitlab, Slack, and Bitbucket via an out-of-band approach designed for increased flexibility, the firm added. Capabilities of Veza for SaaS Apps include: Privileged access monitoring alerts security teams of new grants of privileged access and privilege drift in SaaS apps, including new local admins in Salesforce. The solution monitors both human identities and machine identities like service accounts and third-party integrations, according to Veza.User access reviews and entitlement certifications automate the identity governance and administration process of periodic access reviews. The solution uses workflow rules to route requests for certification and provides decision-makers with authorization context to choose the least-permissive role, the company said.Monitoring of SaaS apps scans for administrative misconfigurations and policy violations with over 100 pre-built queries to monitor and detect common misconfigurations in permissions and access controls. As an example, the solution will alert the security team when users have access to sensitive data but do not have multifactor authentication (MFA) enabled.SaaS growth introduces cybersecurity shifts for organizationsLast October, the Cloud Security Alliance published SaaS Governance Best Practices for Cloud Customers, a whitepaper outlining a baseline set of fundamental security and governance practices for SaaS environments. It stated that organizations should develop SaaS-specific security strategies and architectures that guide the deployment and maintenance of SaaS applications, built around governing evaluation, adoption, usage, and termination of SaaS services.Organizations also need to ensure they consider SaaS providers as part of their third-party risk management programs and that incident response and business continuity plans and processes are updated accordingly, the guidance added. “The SaaS environment ultimately presents a shift in the way organizations handle cybersecurity that introduces a shared responsibility between producers and consumers. Failing to adjust accordingly can have devastating consequences such as disclosing sensitive data, loss of revenue, customer trust, and regulatory consequences,” the document read. Related content news FBI warns Black Basta ransomware impacted over 500 organizations worldwide CISA advisory includes indicators of compromise and TTPs that can be used for threat hunting. By Lucian Constantin May 14, 2024 6 mins Ransomware Phishing Healthcare Industry news Australian federal budget outlines investment in cybersecurity The Australian government announced its 2024-25 federal budget and CSO has selected highlights that indicate how much will go towards cybersecurity and in what areas. By Samira Sarraf May 14, 2024 5 mins Fraud Protection and Detection Software Data and Information Security brandpost Sponsored by Microsoft Security New threat trends emerge out of East Asia With total vigilance concerning the latest East Asian developments in the threat landscape, security leaders can enhance their readiness to safeguard against the most imminent dangers. By Microsoft Security May 14, 2024 5 mins Security news Equipped with AI tools, hackers make apps riskier than ever The odds of attacks are growing as attackers can now easily access code modification and reverse engineering tools. By Shweta Sharma May 14, 2024 4 mins Application Security PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe