EP148 Decoding SaaS Security: Demystifying Breaches, Vulnerabilities, and Vendor Responsibilities

Guest: Adrian Sanabria,  Director of Valence Threat Labs at Valence Security, ex-analyst Topics: When people talk about “cloud security” they often forget SaaS, what should be the structured approach to using SaaS securely or securing SaaS? What are the incidents telling us about the realistic threats to SaaS tools? Is the Microsoft 365 breach a SaaS breach, a cloud breach or something else? Do we really need CVEs for SaaS vulnerabilities? What are the least understood aspects of securing SaaS? What do you tell the organizations who assume that “SaaS vendor takes care of all SaaS security”? Isn’t CASB the answer to all SaaS security issues? We also have SSPM now too? Do we really need more tools? Resources: VIdeo (LinkedIn, YouTube) EP76 Powering Secure SaaS … But Not with CASB? Cloud Detection and Response? Valence 2023 State of SaaS Security report DHS Launches First-Ever Cyber Safety Review Board Enterprise Security Weekly podcast CloudVulnDb and another cloud vulnerability list Cyber Safety Review Board (CSRB) by CISA