Grip Security Adds SaaS Security Posture Management Offering – Source: securityboulevard.com

Grip Security today extended its portfolio of tools for securing software-as-a-service (SaaS) applications to provide an ability to proactively identify misconfigurations and enforce best cybersecurity practices.

The SaaS Security Posture Management (SSPM) addition being made generally available by Grip Security complements an existing offering that organizations use to unify the management of SaaS applications by, for example, uncovering dormant or unauthorized accounts.

Grip Security CEO Lior Yaari said organizations can now look to a single vendor to unify the management and security of their SaaS applications.

The number of SaaS applications being employed by organizations exploded in the wake of the COVID-19 pandemic. Multiple business units independently often decided to make use of a SaaS application to enable remote workers to more easily collaborate. However, as the economic outlook has become less rosy in the last few years, many organizations have been making a concerted effort to rationalize the number of SaaS applications being used.

Those efforts in addition to reducing costs have also enabled cybersecurity teams to reduce the overall size of the attack surface that needs to be defended. Unfortunately, many of these SaaS applications have been configured by administrators who have limited cybersecurity expertise, making it relatively easy for cybercriminals to steal credentials and then escalate privileged access.

At the same time, the volume of cyberattacks launched against SaaS application platforms continues to steadily increase. Cybercriminals tend to view these applications as a primary attack vector because any potential breach might give them access to multiple customer accounts that can be exploited to maximum effect.

These days cybercriminals don’t so much as break into IT environments so much as simply login, noted Yaari.

The Grip Security SSPM tools combat those threats by continuously scanning for misconfigurations and other signs to drift in real-time, he added. It also ensures organizations are aligned with, for example, the Secure Cloud Business Applications (SCuBA) framework defined by the Cybersecurity Infrastructure and Security Agency (CISA), said Yaari.

It’s not clear how aggressively organizations are unifying the management of SaaS applications, however, as the total cost of SaaS applications steadily increases it becomes apparent there is a great need to proactively manage the number of users that have access to various accounts. That’s especially critical in that age of artificial intelligence (AI) when end users are more likely than ever when end users are likely to inadvertently share sensitive data with a cloud service without considering the terms and conditions buried in a licensing agreement that most individuals never read, noted Yaari.

Once any effort to address those issues is underway, it’s only a matter of time before determining how best to secure access to SaaS applications becomes part of that agenda, he added.

One way or another, it’s apparent SaaS application security needs to move higher up the corporate agenda. The only thing left to resolve is who in the organization will take responsibility for it, across what can easily become hundreds of applications.