#S02EP09 | Controlling your SaaS Sprawl with a SaaS Security Platform | Abhishek Anand

12/29/23 • 57 min

Breakpoint Security Podcast

Just as cloud is omnipresent in 2023, SaaS sprawl is just as prevalent: a company uses on average 110 SaaS apps, roughly 70% of the software in use is SaaS, and the problem is even more severe at enterprise scale.

SaaS security today is thought of as an IAM problem solved with an SSO integration, but the issues go beyond that: misconfigurations that leak data, insecure SaaS plugins that open new threat vectors, and the way your services talk to other SaaS apps.

Many cloud security issues can be solved in an organisation with good engineering practices, but SaaS security is harder because users are spread across the organisation and each tool has its own nuances, so IT and security teams struggle to manage it well. The common practice of letting users bring their own plugins and their own ways of using SaaS apps is what creates the security issues.
In this episode, we dive deep into SaaS Security Platform (SSP) implementations for organisations.
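The gap described above, between what an SSO dashboard shows and what users have actually authorised, can be made concrete with a small audit over OAuth grants. The block below is an added example written for this page; it is not code from the podcast, the guest or KoalaLab. The scope strings are real Google Workspace OAuth scopes, but which scopes count as "high risk", the 90-day dormancy threshold, and the grant records themselves are assumptions constructed for the example; a real run would feed an export from your identity provider's token or audit API in the same shape.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# OAuth scopes that give a third-party app broad access to user data. The strings
# are real Google Workspace scopes; treating exactly these as "high risk" is this
# example's own assumption and should be tuned per tenant.
HIGH_RISK_SCOPES = frozenset({
    "https://www.googleapis.com/auth/drive",                 # full Drive read/write
    "https://mail.google.com/",                              # full Gmail access
    "https://www.googleapis.com/auth/admin.directory.user",  # directory administration
})

DORMANT_AFTER = timedelta(days=90)  # assumption: a grant unused for 90 days is stale


@dataclass(frozen=True)
class Grant:
    """One OAuth authorisation a user gave to a third-party app."""
    user: str
    app: str             # OAuth client display name
    scopes: frozenset    # scopes the user consented to
    last_used: date      # last time the token was exercised
    sanctioned: bool     # True if the app went through vendor/security review


def classify(grant: Grant, today: date) -> list:
    """Return the findings for one grant; an empty list means nothing to act on."""
    findings = []
    if not grant.sanctioned:
        findings.append("unsanctioned app (shadow SaaS)")
    risky = sorted(grant.scopes & HIGH_RISK_SCOPES)
    if risky:
        findings.append("high-risk scopes: " + ", ".join(risky))
    idle = today - grant.last_used
    if idle > DORMANT_AFTER:
        findings.append(f"dormant grant, unused for {idle.days} days")
    return findings


def audit(grants, today: date) -> dict:
    """Map (user, app) -> findings for every grant that has at least one finding."""
    report = {}
    for g in grants:
        findings = classify(g, today)
        if findings:
            report[(g.user, g.app)] = findings
    return report


def app_inventory(grants) -> dict:
    """Distinct users per app. Apps authorised directly via OAuth never show up on
    an SSO dashboard, so this is the sprawl view an SSO-only approach misses."""
    users_by_app = {}
    for g in grants:
        users_by_app.setdefault(g.app, set()).add(g.user)
    return {app: len(users) for app, users in users_by_app.items()}


# Constructed sample data: four grants across three apps. None of these are real
# users, apps or tokens.
SAMPLE_GRANTS = [
    Grant("alice@example.com", "PDF Merge Pro",
          frozenset({"https://www.googleapis.com/auth/drive"}),
          date(2023, 12, 1), sanctioned=False),
    Grant("bob@example.com", "PDF Merge Pro",
          frozenset({"https://www.googleapis.com/auth/drive.file"}),
          date(2023, 6, 1), sanctioned=False),
    Grant("carol@example.com", "Slack",
          frozenset({"https://www.googleapis.com/auth/userinfo.email"}),
          date(2023, 12, 20), sanctioned=True),
    Grant("dave@example.com", "Legacy CRM Sync",
          frozenset({"https://mail.google.com/"}),
          date(2023, 3, 1), sanctioned=True),
]
AS_OF = date(2023, 12, 29)  # the audit date; constructed to match the episode date

if __name__ == "__main__":
    for app, n in sorted(app_inventory(SAMPLE_GRANTS).items()):
        print(f"{app}: {n} user(s)")
    for (user, app), findings in audit(SAMPLE_GRANTS, AS_OF).items():
        print(f"{user} -> {app}")
        for f in findings:
            print("   ", f)
```

Note that "Slack" is the only grant that comes out clean: it is sanctioned, narrowly scoped and recently used. The two "PDF Merge Pro" grants are the shadow-SaaS case the description refers to (never reviewed, one of them with full Drive access), and "Legacy CRM Sync" shows that a sanctioned app can still be a problem when its token carries a broad scope and nobody has used it in months.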

Guest: Abhishek Anand, Co-Founder Koala Lab

Abhishek is a technology leader who built Housingdotcom as CTO and most recently built the cloud infrastructure at Whitehat Jr, where he led the platform and SRE teams. Over the course of his career he has solved a variety of security problems, and he is currently building KoalaLab, inspired by his time building and securing infrastructure for these fast-growing companies.

Recommended reading/viewing for practitioners:

  1. SaaS sprawl statistics: https://www.zippia.com/advice/saas-industry-statistics
    1. 38% of companies run almost entirely on SaaS.
    2. As of 2021, an average of 110 SaaS apps are used per organisation.
    3. Approximately 70% of total company software use is SaaS as of 2022, with the potential to reach 85% by 2025, indicating that SaaS will only continue to grow.
  2. Salesforce data leak (public Community sites exposing private data): https://krebsonsecurity.com/2023/04/many-public-salesforce-sites-are-leaking-private-data/
  3. Google Drive leak: https://ny.chalkbeat.org/2021/8/5/22612388/data-breach-nyc-students-staff-google-drive
  4. Case (NHS COVID-19 app): https://www.wired.co.uk/article/nhs-covid-19-app-health-status-future
  5. tl;dr sec: https://tldrsec.com/ - a good newsletter covering a lot of security research
  6. SSP coverage reference: https://www.koalalab.com/saas-security

I would love to hear your suggestions and feedback, please DM me. If you liked this episode, please share it with others in the community. It always means a lot!

If you're interested in a security challenge that you're facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; check out my handles below:

  • Twitter: @NeeluTripathy
  • LinkedIn: neelutripathy

Previous Episode

#S02EP08 Packing a Punch! With Policy-as-Code | Abhay Bhargav

In today's world of rapidly evolving technology and increasingly complex software systems, ensuring the security and compliance of applications across the stack has become paramount. The stack itself has grown far more complex with the proliferation of APIs on cloud and cloud-native technologies. Tightly coupled security controls for things like authorization, validation and admission control are not realistic and are causing large inconsistencies in how security controls are implemented.
This episode provides an in-depth exploration of Policy-as-Code (PaC) and how it can be employed to implement decoupled security practices across the stack. PaC serves as a unified framework that enables organisations to define, manage and enforce policies in a consistent, transparent and automated manner. This approach facilitates better security, compliance and risk management, while also reducing the need for manual intervention.
Guest: Abhay Bhargav, Founder of we45 and AppSecEngineer
Abhay Bhargav is the Founder and Chief Research Officer of AppSecEngineer, a hands-on online training platform for AppSec, Cloud-Native Security, Kubernetes Security and DevSecOps. AppSecEngineer delivers the hands-on security skills that companies are actually looking for.
Abhay started his career as a breaker of apps, in pentesting and red teaming, but today is more involved in scaling AppSec with Cloud-Native Security and DevSecOps.
He has created some pioneering works in the area of DevSecOps and AppSec Automation, including the world’s first hands-on training program on DevSecOps, focused on Application Security Automation. In addition to this, Abhay is active in his research of new technologies and their impact on Application Security, specifically Cloud-Native Security. In addition, Abhay has contributed to pioneering work in the Vulnerability Management space, being the architect of a leading Vulnerability Management and Correlation Product, Orchestron. Abhay is also committed to Open-Source and has developed the first-ever Threat Modeling solution at the crossroads of Agile and DevSecOps, called ThreatPlaybook.
Abhay is a speaker and trainer at major industry events including DEF CON, BlackHat, OWASP AppSecUSA, EU and AppSecCali. His trainings have been sold-out events at conferences like AppSecUSA, EU, AppSecDay Melbourne, CodeBlue (Japan), BlackHat USA, SHACK and so on. He's authored two international publications on Java Security and PCI Compliance as well.

Next Episode

#S02EP10 | Zeroing Trust: Identity Threats, the New Attack Surface | Sudarshan Pisupati

The proliferation of digital identities and access points has increased the attack surface, making it difficult to monitor and secure user identities effectively. The rising sophistication of threats, including identity theft and credential-based attacks, demands proactive measures to detect and respond to them promptly. Compliance requirements and data protection regulations add a further need for robust identity security to avoid legal and financial repercussions.
All of this makes managing user identities more complex, especially in large enterprises, and so requires automation and real-time monitoring to handle identity threats and ensure the organisation can safeguard its digital assets and sensitive data.

Guest: Sudarshan Pisupati, Principal Research Engineer at Zscaler.
He is currently focused on adding Identity Threat Detection and Response (ITDR) capabilities to Zscaler's cyber threat protection portfolio.