Justin Somaini, Chief Security Officer, Unity, and Adam Gavish, CEO, DoControl
Organizations use SaaS apps to drive business enablements across all departments and workforce. Collaboration with 3rd party vendors, customers, and partners over SaaS data is the new normal - and we just love it when things get done quickly right?
This poses two threats for security practitioners:
1. Insider threats
• Leaving employees share SaaS data with their personal accounts which not only exfiltrate company data with personal accounts but also pose extra risk since personal account in most cases don’t have multi-factor authentication set up
• Employees overexpose sensitive data internally (finance and engineering can consume each other’s information)
• Sensitive data is being shared with the wrong 3rd party
2. External threats
• 3rd party collaborators have access to your company data forever
• Your vendors share your company data with their vendors, who were never gone through a 3rd party risk assessment by you
• 3rd party collaborators with your company data with their personal accounts which in most cases don’t have multi-factor authentication set up
This is a candid discussion on the threat models above and beyond. Our goal is to raise awareness on what’s going on as well as suggest industry best practices and “war stories” so that you will walk away with better knowledge and tools to remediate such risks in your organization.