Governance and Risk Management , Insider Threat , Video
Wing Security’s Ran Senderovitz on Dealing with Misconfigured SaaS Risks
Michael Novinson (Michael Novinson) •
August 28, 2023
Insider threats continue to cause significant concern in today’s digital environment. Malicious insiders grab attention with harmful intent, while unwary users often make unintentional mistakes, contributing to potential cybersecurity risks.
Related item: Live Webinar | Unmasking Pegasus: Understanding Threats and Strengthening Digital Defenses
Software-as-a-Service solutions offer employees the opportunity to deploy a variety of tools, but SaaS can unintentionally introduce risks through misconfigurations and inappropriate permissions, says Wing Security. Chief Operating Officer Ran Senderovitz said. He said that despite significant organizational effort to deal with malicious insiders, inattentive users are widespread and may not be perceived as a potential risk. said that they tend to use tools with
“There are several levels of risk. The first is onboarding applications that do not have the high security ratings and compliance that organizations require,” said Senderovitz. “You could unknowingly onboard a malicious application. Onboarding such an application would provision it with the wrong permissions. Gain access to read all information, all of which are misconfigurations around user permissions and data sharing, which can be a target for attacks if you use an application that is not secure enough for your organization.”
In a video interview with the Information Security Media Group at Black Hat USA 2023, Senderovitz also discussed:
- Risk of misconfiguration or unauthorized access.
- The need for organizations to increase productivity through SaaS applications.
- Security leaders are faced with gaining visibility into users’ application choices.
Senderovitz is a seasoned executive leader with a proven track record of transforming technology businesses into product, market and business leaders across silicon platforms, communications, IoT, personal computing, AI and GFX.