Are we losing or gaining control of SaaS Data Access?

Logo
Presented by

Justin Somaini, Chief Security Officer, Unity, and Adam Gavish, CEO, DoControl

About this talk

Organizations use SaaS apps to drive business enablements across all departments and workforce. Collaboration with 3rd party vendors, customers, and partners over SaaS data is the new normal - and we just love it when things get done quickly right? This poses two threats for security practitioners: 1. Insider threats • Leaving employees share SaaS data with their personal accounts which not only exfiltrate company data with personal accounts but also pose extra risk since personal account in most cases don’t have multi-factor authentication set up • Employees overexpose sensitive data internally (finance and engineering can consume each other’s information) • Sensitive data is being shared with the wrong 3rd party 2. External threats • 3rd party collaborators have access to your company data forever • Your vendors share your company data with their vendors, who were never gone through a 3rd party risk assessment by you • 3rd party collaborators with your company data with their personal accounts which in most cases don’t have multi-factor authentication set up This is a candid discussion on the threat models above and beyond. Our goal is to raise awareness on what’s going on as well as suggest industry best practices and “war stories” so that you will walk away with better knowledge and tools to remediate such risks in your organization.

Related topics:

More from this channel

Upcoming talks (30)
On-demand talks (668)
Subscribers (45032)
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on twitter: @cloudsa