Identities in SaaS applications are either human, associated with individual people, or non-human, such as service accounts, API keys, and third-party app OAuth authorizations. Any unsecured identity in a SaaS app gives attackers a path to compromise, which can lead to data breaches, compliance violations, and financial losses.
In a webinar hosted by The Hacker News, Maor Bin, CEO and co-founder of Adaptive Shield, and CISO James Azar discuss how to protect SaaS applications from exposure to identity risks through a strong identity security posture.
“SaaS applications are all about identity. This is the modern IT stack,” says Bin. “It’s about securing your entire stack, not one application or another. Threat actors will not sit at home and do nothing; they will go after the less secure application in the chain. There will always be more attacks.”
As Bin explains in the webinar, the challenge in securing identities in SaaS applications is not only their growing number and the pace at which they change, but also that each application models identity differently. Because security teams do not own or administer most of these apps, gaining visibility into them is the crucial first step, he says.
Azar agrees. “When you talk to cybersecurity practitioners, the number one challenge they are dealing with is a lack of visibility in asset management. If you are running SaaS applications with limited visibility into the assets that you have, you are blind to any risks or threats to your SaaS stack,” he says.
In the webinar, Bin reviews the key characteristics of identity security for human and non-human accounts and how they differ, in particular that non-human identities behave differently from people, which makes threats against them harder to detect.
Human identity security components:
- Roles and permissions
- Privileged and admin users
- User activity levels
- User types (external/internal)
- Configurations (MFA, SSO)
- User status: joiners, movers, leavers not deprovisioned
How non-human identities are different:
- Broad permission sets
- MFA and SSO are not enforced
- Accounts work 24/7
Despite these risks, monitoring of non-human accounts is typically neglected: human accounts get higher priority from a security perspective, and the two kinds of account are often managed separately rather than centrally.
Creating a Strong Identity Fabric
It comes down to the fact that “you can’t secure what you can’t see,” says Bin.
Dedicated controls are needed for both human and non-human identities, and the two must be combined into a single view.
To secure both human and non-human SaaS identities, an Identity Threat Detection and Response (ITDR) mechanism is the layer that stitches everything together. Running within an SSPM, it contributes to a strong identity fabric for identity security posture management, and it can identify irregularities specific to non-human identities, including anomalous patterns of behavior.
Therefore, a combination of prevention (SSPM) and threat detection (ITDR) can secure all types of user accounts, human and non-human, Bin concludes.
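As an added illustration of the posture checks listed earlier and the behavioral detection described here (example code written for this page, not Adaptive Shield's product or anything shown in the webinar), the following Python assesses a constructed identity inventory: human accounts get SSPM-style configuration checks (MFA, SSO, admin roles, external users, leavers not deprovisioned), non-human accounts get the broad-permission check plus a simple ITDR-style baseline-hours anomaly check, and both land in one combined view. The role names, scopes and the hour-based baseline are assumptions chosen for the example.

```python
from dataclasses import dataclass, field

ADMIN_ROLES = {"admin", "owner"}          # assumed privileged role names
BROAD_SCOPES = {"full_access", "*"}       # assumed over-broad permission sets

@dataclass
class Identity:
    name: str
    kind: str                  # "human" or "non-human" (service account, API key, OAuth app)
    roles: set
    mfa: bool = False
    sso: bool = False
    status: str = "active"     # "left" = HR says the person left but the account still exists
    external: bool = False
    baseline_hours: set = field(default_factory=set)  # UTC hours seen during a learning period
    recent_hours: list = field(default_factory=list)  # UTC hours of the latest activity

def posture_findings(ident):
    """SSPM-style static checks: misconfigurations visible without any behaviour data."""
    found = []
    if ident.kind == "human":
        if ident.status == "left":
            found.append("leaver-not-deprovisioned")
        if ident.roles & ADMIN_ROLES and not ident.mfa:
            found.append("admin-without-mfa")
        if ident.external and ident.roles & ADMIN_ROLES:
            found.append("external-admin")
        if not ident.sso:
            found.append("sso-not-enforced")
    elif ident.roles & BROAD_SCOPES:   # MFA/SSO checks do not apply to non-human identities
        found.append("broad-permission-set")
    return found

def behaviour_findings(ident):
    """ITDR-style check: non-human identities run on schedules, so off-baseline hours are a usable signal."""
    if ident.kind != "non-human" or not ident.baseline_hours:
        return []
    off = sorted(set(ident.recent_hours) - ident.baseline_hours)
    return [f"activity-outside-baseline:{off}"] if off else []

def assess(inventory):
    return {i.name: posture_findings(i) + behaviour_findings(i) for i in inventory}

# Constructed sample inventory, not real data
INVENTORY = [
    Identity("alice", "human", {"admin"}, mfa=True, sso=True),
    Identity("bob", "human", {"admin"}, sso=True, status="left"),
    Identity("contractor", "human", {"owner"}, mfa=True, external=True),
    Identity("ci-deploy-key", "non-human", {"full_access"}, baseline_hours={2, 3}, recent_hours=[2, 3, 14]),
]
```

Calling `assess(INVENTORY)` returns one dictionary keyed by identity name, so human and non-human findings are reviewed together rather than in separate tools.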
Watch The Hacker News webinar to learn more about Adaptive Shield’s SSPM and ITDR capabilities for identity security posture management.