[10-10-23]--Threats In SaaS Are Closer Than They Appear
CISO Series Podcast
Organizations know that securing SaaS is vital. But security around SaaS apps is falling short and efforts to improve that security are complicated now that security teams act more as SaaS supervisors than app owners. How can we reduce the glaring gaps in our SaaS defenses?
This week’s episode is hosted by me, David Spark, producer of CISO Series, and Andy Ellis, operating partner, YL Ventures. Joining us is our sponsored guest, Rohan Sathe, co-founder and CTO, Nightfall AI.
New tech meets old policies
It’s a tale as old as time. A new technology comes out, users immediately see the value and want to use it. Remember everyone wanting to use the wheel? We’re seeing it now with generative AI. Despite being down this path before, many companies are choosing to outright ban it. A recent Reuters and Ipsos poll found that 10% of respondents worked for companies forbidding use of generative AI. But given the potentially transformative nature of the technology, it makes more sense to put up gates to allow users to safely use it, and realize the benefits, rather than throw down a ban hammer. History shows users will use it anyway, just without any oversight or control over your data.
Who owns SaaS security?
The rise of SaaS has forever changed the landscape of app security. AJ Yawn of Armanino looked at a finding from the Cloud Security Alliance’s Annual SaaS Security survey: most organizations believe their current SaaS security solutions cover less than half of their apps. This marks a major change in the role of a cybersecurity team, going from owning the app end-to-end to acting more as a supervisor. Realizing this change in role also means we need to change how we address the gaps that exist in our own app security. The old rules often no longer apply.
Lock your cyber doors at night
If you’re an organization with any kind of physical presence, you know to put locks on the doors. It’s not a principle of physical security, it's common sense. But we don’t yet have institutionalized knowledge of what the basic survival needs are when it comes to cybersecurity. This isn’t just an academic question, but an existential one. Adrian Sanabria of Valence Security keeps a list of companies destroyed by cybersecurity incidents. In cyber, there isn’t just one set of locks you can throw on the door; a combination of patch management, access controls, backups, training, and network segmentation is needed to survive.
Listen to the full episode over on our blog, or your favorite podcast app where you can read the entire transcript. If you haven’t subscribed to CISO Series Podcast via your favorite podcast app, please go ahead and do so now.
Thanks to our podcast sponsor, Nightfall AI
Best advice for a CISO...
"Everyone knows why they shouldn't block generative AI technology just given all of the massive productivity benefits they have. And so really the upside here is you may already have some existing technology in your security stack like a DLP tool that can really solve some of the visibility challenges with tools like ChatGPT." - Rohan Sathe, co-founder and CTO, Nightfall AI
Is Remote Work Helping or Hurting Cybersecurity?
"It's pretty hard to learn in an apprenticeship model from like a master craftsperson to somebody that's learning the trade if you're not kind of in close proximity to them, there's a lot to be had there. But certainly more established security engineers don't really need five days a week in the office. Some of them certainly want it, there's a lot of value to that. But from a security perspective, I think about I'm all about security at the point of compute. We're kind of long past the days where the only place you can safely do work is in an office behind a firewall with corporate Wi-Fi. There's a lot of benefit here to leaning into being a more hybrid workplace." - Geoff Belknap, CISO, LinkedIn
Subscribe to our newsletters on LinkedIn!
We've got our bi-weekly and daily Cyber Security Headlines newsletters available right here on LinkedIn. Go ahead and subscribe to one or both!
CISO Series Newsletter - Twice every week
Cyber Security Headlines Newsletter - Every weekday
Cyber Security Headlines - Week in Review
Make sure to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Martin Choluj, vp security, ClickHouse.
Thanks to our Cyber Security Headlines sponsor, Hyperproof
Super Cyber Fridays!
What Do We Know About The Benefits and Concerns of AI?
AI can be a tremendous tool for doing things that humans aren't great at, but implementing it without an in-depth review is a recipe for a security disaster. To get ready for our Super Cyber Friday event happening this Friday, October 13th, 2023, Devin Harris, product manager, RiskOptics, and I chatted about why a lot of organizations are struggling to come up with answers to the tough security questions with AI.
Our topic of discussion will be “Hacking The Risks and Rewards of AI: An hour of critical thinking about how to safely embrace this emerging technology.” Joining me and Devin for our discussion will be Caleb Sima, former CSO, Robinhood.
Thanks to our Super Cyber Friday sponsor, RiskOptics
Thank you!
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.