Name: State of SaaS Security Report 2024: Bold Moves Required to Secure SaaS
Start: 2024-08-27T15:00:00Z
End: 2024-08-27T15:00:00.000Z
Location: BrightTALK
Rating: 0

AppOmni is the leading provider of enterprise level SaaS security. Its patented technology continuously scans APIs, security controls, and configuration settings to compare the current state of enterprise SaaS deployments against best practices and business intent. AppOmni was founded by top security practitioners and is trusted by many of the world's largest enterprises across technology, healthcare, banking, and security. For more information, please visit https://appomni.com.

See How to Achieve
1. Standardized least privilege access across your SaaS applications
2. Continuous monitoring and closed loop ZT implementation
3. Granular access decisions to prevent privilege misuse
4. Dynamic policy enforcement to reauthorize users based on context and behavior
5. Configuration assurance to prevent drift and ensure compliance

Enterprises are accelerating cloud migrations, building business resilience, and enabling hybrid work by adopting zero trust (ZT) architectures. According to the “Security Outcomes for Zero Trust” report by Cisco, 86% of respondents report that they have already started a ZT implementation.

Zero Trust Posture Management (ZTPM) extends the zero trust architecture beyond the network to SaaS applications and data. Join AppOmni CTO, Brian Soby to learn the ZTPM principles that secure THROUGH applications to create an end-to-end ZT architecture.

Bolstering SaaS Security with Zero Trust Posture Management

Recent breaches, from Snowflake to Midnight Blizzard, have underscored the security in SaaS environments exploited by hackers. Safeguarding these environments demands a proactive, integrated approach to threat detection and posture management. This session will explore the intersection of these domains, offering actionable insights and strategies to enhance SaaS security.

Guarding the SaaS Landscape: Integrating Threat Detection and Posture Management

Enterprises are accelerating cloud migrations, building business resilience, and enabling hybrid work by adopting zero trust (ZT) architectures. According to the “Security Outcomes for Zero Trust” report by Cisco, 86% of respondents report that they have already started a ZT implementation. 

Traditional ZT implementations are focused on securing user access TO applications using zero trust network access (ZTNA). However, as businesses increasingly rely on SaaS applications for their operations, security teams find that traditional ZTNA implementation often overlook critical gaps at the application and data level. These gaps include misconfigurations in access controls, unchecked privileges, data leaks, and overlooked third-party integrations. 

Zero Trust Posture Management (ZTPM) extends the zero trust architecture beyond the network to SaaS applications and data. Join AppOmni CTO, Brian Soby on Tuesday, June 18, 2024 to learn the ZTPM principles that secure THROUGH applications to create an end-to-end ZT architecture. See how to achieve:

1. Standardized least privilege access across your SaaS applications 
2. Continuous monitoring and closed loop ZT implementation
3. Granular access decisions to prevent privilege misuse
4. Dynamic policy enforcement to reauthorize users based on context and behavior
5. Configuration assurance to prevent drift and ensure compliance

Bolstering SaaS security with Zero Trust Posture Management

SaaS is the operating system of business - organizations have come to rely on their SaaS applications to conduct business. But SaaS also now represents one of the largest attack surfaces that businesses have to defend. Why has SaaS become the new battleground in cybersecurity and how are attacks happening?  

Join AppOmni security researchers on this webinar to learn more about the SaaS threat landscape. You will learn: 
- What the modern SaaS attack surface and kill chain look like
- What Threat Actors are going after SaaS?
- Why are the attackers winning?
- What are the common TTPs in SaaS attacks
- Effective controls to reduce the likelihood of Threat Actor success

The webinar will also discuss the key aspects of how to construct a SaaS security program to gain control over your SaaS estate.

Presented by: 
Cory Michal, Vice President, Security & IT
Harold Byun, Chief Product Officer, AppOmni

Understanding and Protecting your SaaS Attack Surface - Threat Briefing Analysis

Presented By:
Joseph Thacker, Principal AI Engineer, AppOmni
Chad Knipschild, Senior Product Marketing Manager, AppOmni

AI certainly brings incredible benefits to businesses and security professionals. But there’s a balance to ensure businesses and SaaS applications remain secure. In this session we will explore the balance between leveraging AI for enhanced security postures and recognizing the inherent risks it may bring. 

Join us for the discussion to harness AI’s potential responsibly while securing an organizations’ digital ecosystems as we:

- Debunk AI security myths to foster a balanced understanding.
- Identify risk assessment strategies for AI-powered features and applications.
- Navigate third-party security implications of AI-powered third-party services.
- Discuss a forward-thinking approach to AI governance and compliance.

AI Security: Balancing Business and SaaS Risks

Presented by: 
Alec Peiffer, Senior Director of Product Management, AppOmni
Aaron Costello, Principal SaaS Security Engineer, AppOmni 
John Filitz, Head of Product Marketing, AppOmni

SaaS is now the de facto IT operating model, hosting critical data and workflows across 500 to 1,000 apps for the average enterprise organization. Security teams and app owners alike have faced challenges with a lack of visibility into the cyber risk that each SaaS app and SaaS-to-SaaS connection presents.

Now, solutions like SaaS Security Posture Management (SSPM) enable unparalleled observability, continuous monitoring, and control over an entire SaaS estate. By adopting SSPM as part of a broader security program, enterprises can move to a risk-based approach to SaaS security.

Join AppOmni’s SaaS security experts as they dive into:
- The growing adoption of SaaS as the leading driver of public cloud growth
- The criticality of SaaS data, the cornerstone of many enterprise operations
- Insights on the Salesforce Community data leak risks
- The reality of a SaaS breach, highlighting key SaaS breaches
- Best practices for SaaS cyber risk prioritization
- Recommendations for securing your SaaS estate

A Risk-Based Approach to SaaS Security

Presented By: 
Brian Soby, Founder and CTO, AppOmni
Rachel Beard, Security Technical Architect, Salesforce
John Filitz, Group Product Marketing Manager, AppOmni
 
Sign up to listen to this insightful webinar in collaboration with AppOmni and Salesforce, tailored for security and Salesforce professionals keen on strengthening the security of their platform. In an era where data breaches and cyber threats are on the rise, safeguarding your Salesforce environment has never been more critical.
 
AppOmni’s CTO, Brian Soby, and Salesforce’s Security Technical Architect, Rachel Beard, address the following topics:
 
✓ How to build a robust SaaS cybersecurity security program around Salesforce
✓ Technology challenges and impacts
✓ The importance of a Salesforce SaaS Security program
✓ The evolution of the Salesforce ecosystem and its challenges

The Importance of Building and Scaling a Salesforce SaaS Cybersecurity Program

The major breaches of 2023 were primarily associated with SaaS applications. Despite the critical role SaaS apps play in numerous businesses, many security teams do not have the expertise and tools to safeguard against these breaches. This is where SaaS Security Posture Management (SSPM) can help.

Join us for a review of the SaaS breaches of 2023 as we:

• Highlight methods and mitigations used in 2023 SaaS breaches
• Assess tactics for breaches in 2024
• Discuss the significance of a posture-centric approach to SaaS Security

I Just Can't Wait to be Secure: 2023's SaaS Breaches

Well-orchestrated spear phishing campaigns targeted at SaaS super admins are swiftly becoming a leading cyber threat. Threat actors are finding new ways to steal credentials from highly privileged accounts to “live off the land.”

Threat actors exploited a novel attack method in the recent Okta HAR compromise, where they targeted an identity provider (IdP) with the intent to exploit its customer organizations. In addition to Okta being compromised, this compromise successfully targeted several Okta customer organizations.

Learn step-by-step how this identity-centric breach occurred, the common attacker tactics, techniques, as well as procedures, and why managing your SaaS identity security without SaaS security posture management (SSPM) places organizations at risk for compromise and data loss. 

In this webinar, presented by AppOmni, we’ll discuss:
• The common attacker tactics used in the Okta HAR breach
• Why proactively securing and continuously monitoring the SaaS attack surface and ensuring appropriate security configurations of an Okta instance is essential
• How SSPM conducts event monitoring to detect anomalous activity from a customer’s Okta instance, including being able to detect and alert on rogue IdP registrations

Okta Compromise in Focus: How to Safeguard SaaS Identities with SSPM

Mergers and Acquisitions (M&A) are increasingly encountering a reality that a significant proportion of either the merged or acquired entity is constituted by a virtual, Software-as-a-Service (SaaS) footprint. The SaaS-fication of business includes many of the core business processes and proprietary data, with large enterprises having hundreds or thousands of SaaS apps deployed. 

Until recently, observability into the SaaS estate has been limited, the equivalent to buying a house sight unseen. This is because existing cloud security solutions such as Cloud Access Security Brokers (CASBs) are unable to provide insight to the SaaS app configuration and permission settings, including SaaS-to-SaaS connections. Only by leveraging a SaaS Security Posture Management (SSPM) solution can security and risk leaders effectively perform the necessary SaaS cybersecurity due diligence to understand and manage the cyber risks associated with the M&A process. 

A SSPM solution provides SaaS cyber risk observability from a single pane of glass, effectively shining a light onto current and potential future state SaaS cyber risks, including over-permissioned end-users and exposed sensitive data.

Boost your M&A Program with SSPM

In the current state of SaaS cybersecurity, there’s a disconnect between security practitioners’ perceptions of their SaaS cybersecurity maturity and the actual reality. A majority feel overconfident in their SaaS cybersecurity strategies, but our findings paint a different picture, revealing that organizations aren’t effectively managing SaaS cybersecurity risk at scale as much as they perceive.

From our survey of over 600 security practitioners for our report, we learned that 79% of organizations suffered a SaaS cybersecurity incident in the last year. We find that one of the key challenges organizations face is obtaining risk visibility into their SaaS attack surface. But we see a silver lining: Organizations are aware of risks posed by unsecured SaaS and are now prioritizing SaaS cybersecurity as a top 3 initiative.

In this webinar, presented by AppOmni, we will discuss:

The latest trends and findings from The State of SaaS Cybersecurity Posture 2023 Report
• How to gain actionable end-user-centric insights
• Actions to take to reduce your SaaS attack surface

CISOs Overestimate SaaS Cybersecurity Posture — How to Secure Your SaaS Data

Industry analysts estimate that 99% of cloud data breaches will be traced back to preventable misconfigurations made by end-users. Yet companies are disproportionately allocating resources to secure the public cloud infrastructure instead of SaaS, which is the number one way organizations consume cloud.

Modern enterprises today leverage 50 or more SaaS apps. With countless configuration changes and fast release cycles, manual security management is a near-impossible task. The lack of visibility over apps makes them appear secure on the surface, but the underlying data schema may be leaking sensitive data.

SaaS Security Posture Management solutions (or SSPM) enables visibility into configuration and data exposure risk across an entire SaaS estate by providing a universal control plane. It’s only after accurately observing and quantifying cyber risks in SaaS can organizations take the necessary steps to address them at scale. 

In this webinar with AppOmni and Accenture, you’ll learn:
• What makes SaaS clouds different
• Why approaches and tooling that work for “traditional” cloud (IaaS and PaaS) security are inapplicable and insufficient to address SaaS security requirements at scale
• What to look for in SaaS that demands additional security measures
• Best practices in SaaS security configuration and monitoring
• Key approaches to build and operationalize a SaaS security program

Securing SaaS: The Missing Component of Cloud Security

Proper permissioning is foundational to secure implementation and administration of SaaS applications. Customer demand and vendors build fine-grained and highly flexible permissioning models but inadvertently make understanding who exactly has access to what extraordinarily difficult. Compounding this challenge is each app’s unique approach to permissioning, and even apps that appear to have similar models often differ in nuanced but meaningful ways. Multiply this situation by hundreds of apps in an enterprise portfolio and you understand why applying and maintaining effective permissions is nearly impossible for today's app owners and security team. Join AO Labs and it’s SaaS security experts to understand the realities of modern SaaS permissioning, its challenges, possible attack vectors, and ways you can protect your organization.

Untying the Gordian Knot: Making Sense of SaaS App Permissions Models

Nearly every enterprise relies on Salesforce to manage customer relationships and build new applications designed to drive business outcomes and innovation. But a secure Salesforce environment requires more than configuration management to mitigate a SaaS breach.

Overlooking the shared responsibility during implementation and in everyday operations can lead to potential risks. Salesforce admins, security practitioners, and IT teams need visibility into Salesforce security settings – along with the plug-ins and SaaS-to-SaaS apps connected to it – to remediate issues promptly and decisively.

Join Salesforce Security Technical Architect Rachel Beard and AppOmni CTO & Co-Founder Brian Soby to learn:
• The details and implications of the SaaS security shared responsibility model
• Why proactive event monitoring and alerts for prevention are essential
• Methods for detecting configuration drifts and over-permissioned users 
• How to sequence the event and alerts within Salesforce and its SaaS ecosystem for breach detection and remediation

How to Fortify Your Salesforce Ecosystem Security

Dive into the latest insights from the 2024 State of SaaS Security Report in our upcoming webinar. This year’s report, drawn from a survey of IT and cybersecurity experts globally, highlights shifts in SaaS security management. Explore how decentralizing security responsibilities across departments reshapes governance, address the gap between accountability and implementation in security measures, and prioritize visibility into SaaS attack surfaces and risks.

Key Takeaways:
-SaaS Security Self Assessment: How are organization’s rating their SaaS Security Maturity.
-Responsibility vs Accountability Gap: Align accountability with responsibility to minimize tensions and enhance cybersecurity efforts.
-Risk Visibility into SaaS Attack Surfaces: Gain crucial insights to continuous monitoring to effectively identify and mitigate risks associated with SaaS applications.
-SaaS Security Optimization: How will SaaS security evolve in the next 1-3 years.

Join us to confront confusion over responsibilities and risks, and discover bold strategies to secure SaaS. Empower your CISO, security team, and application owners with actionable insights.

Grab the full report post-webinar to dive deeper into these critical findings.

State of SaaS Security Report 2024: Bold Moves Required to Secure SaaS

Cyber Security

saas security

Threat Detection

SaaS Security Report

SSPM

Posture Management

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

State of SaaS Security Report 2024: Bold Moves Required to Secure SaaS

Presented by

About this talk

More from this channel