Why High Tech Companies Struggle with SaaS Security

It’s easy to think that high-tech companies have a security advantage over other, older, more mature industries. Mostly unencumbered by 40 years of old systems and software. They attract some of the world’s youngest and brightest digital natives to their ranks, all of whom have considered cybersecurity issues their entire lives.

It may be their familiarity with the technology that causes them to neglect SaaS security configurations. During the last Christmas holiday season, Slack had some private code stolen from its GitHub repository. According to Slack, the stolen code did not affect production, and no customer data was harvested.

Still, the breach should serve as a warning sign to other tech companies. The stolen tokens allow attackers to access GitHub instances and download the code. If this type of attack can happen to Slack on GitHub, it can happen to any high-tech company. Tech companies should take SaaS security seriously to prevent resources from being leaked or stolen.

App Breach: Recurring Stories

Slack’s mishap with GitHub isn’t the first time GitHub breaches have occurred. Back in April, OAuth tokens were stolen from Heroku and Travis CI managed OAuth apps, leading to attackers downloading data from dozens of private code repositories.

MailChimp, a SaaS application used to manage email campaigns, experienced three breaches over 12 months during 2022-23. Customer data is stolen by threat actors, who use the data in attacks against cryptocurrency companies.

SevenRooms had more than 400 GB of sensitive data stolen from its CRM platform, PayPal notified customers in January that unauthorized parties were accessing accounts using stolen login credentials, and Atlassian saw employee and company data exposed in the February breach.

Clearly, tech companies are not immune to data breaches. Protecting the proprietary code, customer data, and employee records stored in SaaS applications should be a top priority.

Dependence on SaaS Applications

A strong SaaS posture is important for any enterprise, but especially important for organizations that store their proprietary code in SaaS applications. This code is very tempting for threat actors, who just want to monetize their efforts and redeem the code back to the creator.

Tech companies also tend to rely on a large number and mix of SaaS applications, from collaboration platforms to sales and marketing tools, legal and finance, data warehouses, cybersecurity solutions, and more – making it increasingly difficult to secure the entire stack.

Tech employees rely heavily on SaaS applications to do their daily work; this requires the security team to strictly manage their identity and access. In addition, these users tend to log into their SaaS applications via different devices to maintain efficiency, which can pose a risk to organizations based on the cleanliness level of the devices. Additionally, technology employees tend to connect third-party applications to the core stack without a second thought, giving these applications high risk coverage.

Learn how Adaptive Shield can help you secure your entire SaaS stack.

Controlling SaaS Access After Layoffs

The high-tech industry is known for periods of very rapid growth, followed by downsizing. Over the last few months, we’ve seen Facebook, Google, Amazon, Microsoft, LinkedIn, Shopify and others announce layoffs.

Employee deprovisioning of SaaS applications is an important element in data security. While most employee moves are automated, SaaS apps that aren’t connected to the company directory don’t automatically revoke access. Even those connected apps may have admin accounts that are outside of enterprise SSO. While the primary SSO account may be disconnected, the user’s admin access via the app login screen is often accessible.

Organic Hyper Growth and M&A

At the same time, the industry is ripe with merger and acquisition announcements. As a result of M&A, the acquiring company needs to establish the basis for SaaS security and monitor all SaaS stacks of the merged or acquired company, while enabling business continuity. Whether hyper growth is organic or through M&A, organizations must be able to ensure the right sized access for their users, at scale and quickly.

Identity Threat Detection & Response

The majority of data breaches affecting technology companies stem from stolen credentials and tokens. The threat actor enters the system through the front door, using valid user credentials.

Identity Threat Detection and Response (ITDR) catch unknown suspicious events. SSPM (SaaS Security Posture Management) solution with threat detection engine will alert you when there is a Compromise Indicator (IOC). These IOCs are based on cross-referencing of activity such as user geolocation, time, frequency, repeated login attempts, excessive activity and more.

Secure High Tech SaaS

Maintaining a high SaaS security posture is a challenge for high-tech companies, which may mistakenly think they are properly equipped and trained to prevent SaaS attacks. SaaS Security Posture Management is essential to prevent SaaS breaches, while SSPM with ITDR capabilities will be of great help to ensure that your SaaS data is secure.

Learn how Adaptive Shield can help you secure your entire SaaS stack.