Tag: saas
-
Obsidian Security Extends Reach to SaaS Application Integrations
Obsidian Security today announced that it has extended the reach of its platform for protecting software-as-a-service (SaaS) applications to include any integrations. Additionally, the company is now making it possible to limit which specific end users of a SaaS application are allowed to grant and authorize new SaaS integrations by enforcing least privilege policies. Finally,..…
-
13 cyber questions to better vet IT vendors and reduce third-party risk
Tags: access, api, attack, authentication, automation, best-practice, breach, business, ceo, ciso, cloud, compliance, control, credentials, credit-card, cyber, cyberattack, cybercrime, cybersecurity, data, detection, endpoint, exploit, extortion, firewall, healthcare, identity, incident response, infrastructure, insurance, international, ISO-27001, jobs, least-privilege, mfa, monitoring, network, nist, password, PCI, penetration-testing, radius, ransomware, risk, saas, sans, security-incident, service, supply-chain, threat, update, vpn, vulnerabilityVital vendor questions CISOs should ask: To gain that critical information, security leaders and experts recommend CSOs ask IT partners the following cyber-specific questions. 1. What attestation will you provide to prove proper security controls are in place? These are essential, says Juan Pablo Perez-Etchegoyen, CTO for cybersecurity and compliance platform Onapsis. Some of the…
-
13 cyber questions to better vet IT vendors and reduce third-party risk
Tags: access, api, attack, authentication, automation, best-practice, breach, business, ceo, ciso, cloud, compliance, control, credentials, credit-card, cyber, cyberattack, cybercrime, cybersecurity, data, detection, endpoint, exploit, extortion, firewall, healthcare, identity, incident response, infrastructure, insurance, international, ISO-27001, jobs, least-privilege, mfa, monitoring, network, nist, password, PCI, penetration-testing, radius, ransomware, risk, saas, sans, security-incident, service, supply-chain, threat, update, vpn, vulnerabilityVital vendor questions CISOs should ask: To gain that critical information, security leaders and experts recommend CSOs ask IT partners the following cyber-specific questions. 1. What attestation will you provide to prove proper security controls are in place? These are essential, says Juan Pablo Perez-Etchegoyen, CTO for cybersecurity and compliance platform Onapsis. Some of the…
-
NIST’s Blueprint for AI Security: How Data Trust Enables AI Success
Tags: access, ai, attack, automation, business, cloud, compliance, control, csf, cybersecurity, data, endpoint, exploit, framework, governance, guide, intelligence, least-privilege, nist, risk, risk-management, saas, toolThe rapid adoption of artificial intelligence has forced organizations to confront a hard truth: AI changes the cybersecurity equation. New attack surfaces, new misuse patterns and new forms of automation require a different approach to managing risk. That’s why NIST has stepped forward. Through its draft AI cybersecurity profile, NIST CSF 2.0 and the AI…
-
Thales named Growth Index leader in Frost Radar: Data Security Platforms Report
Tags: access, ai, business, cloud, compliance, container, control, data, defense, detection, edr, encryption, endpoint, governance, identity, intelligence, LLM, monitoring, risk, saas, service, siem, soc, technology, toolThales named Growth Index leader in Frost Radar: Data Security Platforms Report madhav Tue, 01/20/2026 – 04:29 Data has always been the backbone of enterprise operations, but the rise of cloud, big data, and GenAI has multiplied its value and, with it, the motivation for attackers. In parallel, regulatory expectations are increasing and evolving. The…
-
Why the future of security starts with who, not where
Tags: access, attack, cisa, ciso, cloud, compliance, control, cybersecurity, data, framework, google, identity, mfa, monitoring, network, nist, passkey, password, resilience, risk, saas, wifi, zero-trustCloud + remote work = No perimeter: Now, with remote work and the cloud, there’s no real perimeter left. People connect from home Wi-Fi, personal laptops, airports, coffee shops, you name it. At the same time, company data and workloads are scattered across AWS, Azure, Google Cloud and various SaaS platforms. The old rules just…
-
Secure web browsers for the enterprise compared: How to pick the right one
Tags: access, ai, android, api, attack, browser, business, chrome, cloud, computer, control, corporate, data, encryption, endpoint, fortinet, gartner, google, guide, identity, linux, login, malicious, malware, mfa, mobile, monitoring, network, okta, phishing, saas, service, siem, software, technology, threat, tool, training, vpn, windows, zero-trustEnable MFA at the beginning of any browser session by default.Handle isolation controls both with respect to the user’s session and to isolate any application from cross-infection. This means controlling the movement of data between the browser, your particular endpoint and the web application or applications involved.Control access to web destinations, either to allow or…
-
Flare Research: Phishing Kits Now Operate Like SaaS Platforms
Flare’s research shows phishing kits now run like SaaS, built to bypass MFA. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/flare-research-phishing-kits-now-operate-like-saas-platforms/
-
DevOps & SaaS Downtime: The High (and Hidden) Costs for Cloud-First Businesses
Just a few years ago, the cloud was touted as the “magic pill” for any cyber threat or performance issue. Many were lured by the “always-on” dream, trading granular control for the convenience of managed services.In recent years, many of us have learned (often the hard way) that public cloud service providers are not immune…
-
Top 10 Privileged Access Management Solutions for 2026
Privileged Access Management (PAM) solutions have moved from a compliance requirement to a front-line security control. As organizations expand across hybrid cloud, SaaS, DevOps pipelines, non-human identities, and now agentic AI, privileged access has become both more pervasive and more dangerous. Analyst… Read More First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/top-10-privileged-access-management-solutions-for-2026/
-
Enterprises still aren’t getting IAM right
Tags: access, ai, api, authentication, automation, cloud, control, credentials, cybersecurity, data, email, governance, iam, identity, incident response, infrastructure, least-privilege, password, risk, saas, service, toolJust 1% have fully implemented a modern just-in-time (JIT) privileged access model;91% say at least half of their privileged access is always-on (standard privilege), providing unrestricted, persistent access to sensitive systems;45% apply the same privileged access controls to human and AI identities;33% lack clear AI access policies.The research also revealed a growing issue with “shadow…
-
8 things CISOs can’t afford to get wrong in 2026
Tags: access, advisory, ai, attack, automation, awareness, breach, business, ciso, cloud, communications, compliance, control, cyber, cyberattack, cybersecurity, data, data-breach, defense, dora, encryption, finance, firmware, GDPR, healthcare, identity, incident response, india, infrastructure, injection, insurance, intelligence, iot, jobs, law, malicious, monitoring, network, privacy, ransom, regulation, resilience, risk, saas, scam, service, software, strategy, supply-chain, tactics, technology, theft, threat, tool, training, update, vulnerability, zero-trust“Identity and access controls for AI agents and AI platforms are one of the most important areas of concern for CISOs,” says Jason Stading, director at global technology research and advisory firm ISG. “Right now, permissions and access rights for AI are a black box in many areas. We will see a major push over…
-
Gen AI data violations more than double
Security teams track activity that moves well beyond traditional SaaS platforms, with employees interacting daily with generative AI tools, personal cloud services, and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/07/gen-ai-data-violations-2026/
-
What is Identity Dark Matter?
The Invisible Half of the Identity UniverseIdentity used to live in one place – an LDAP directory, an HR system, a single IAM portal.Not anymore. Today, identity is fragmented across SaaS, on-prem, IaaS, PaaS, home-grown, and shadow applications. Each of these environments carries its own accounts, permissions, and authentication flows.Traditional IAM and IGA tools govern…
-
California’s DROP Platform Launches: What Enterprise B2B SaaS Companies Need to Know About Data Deletion Compliance
How California’s groundbreaking data deletion law signals a fundamental shift in enterprise identity lifecycle management”, and why your SSO infrastructure matters more than ever First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/californias-drop-platform-launches-what-enterprise-b2b-saas-companies-need-to-know-about-data-deletion-compliance/
-
California’s DROP Platform Launches: What Enterprise B2B SaaS Companies Need to Know About Data Deletion Compliance
How California’s groundbreaking data deletion law signals a fundamental shift in enterprise identity lifecycle management”, and why your SSO infrastructure matters more than ever First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/californias-drop-platform-launches-what-enterprise-b2b-saas-companies-need-to-know-about-data-deletion-compliance/
-
Was bei der Cloud-Konfiguration schiefläuft und wie es besser geht
Tags: access, ai, authentication, breach, cloud, cyberattack, cybersecurity, cyersecurity, data-breach, infrastructure, Internet, least-privilege, mfa, monitoring, risk, saas, service, tool, usa, zero-trustFehlerhaft konfigurierte Cloud-Dienste sorgen regelmäßig für Datenlecks und schlimmeres.Konfigurationsfehler in der Cloud, die Unternehmensdaten gefährden, sind nicht unbedingt etwas Neues eher im Gegenteil. Umso schlimmer, dass Unternehmen ihre Cloud-Ressourcen immer noch nicht durchgängig absichern. Zumindest legt das ein aktueller Report nahe. Dafür hat der Cloud-Sicherheitsanbieter Qualys 101 Cybersecurity- und IT-Profis befragt, zu deren Aufgaben es…
-
What is Enterprise Identity, And Why Most Companies Get SSO RBAC Catastrophically Wrong
Authentication requirements block 75-80% of enterprise deals, costing B2B SaaS companies millions annually. After scaling identity to 1B+ users while supporting hundreds of enterprise customers, here’s why most companies get SSO and RBAC catastrophically wrong”, and the framework that actually works. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/what-is-enterprise-identity-and-why-most-companies-get-sso-rbac-catastrophically-wrong/
-
How SaaS Management Reduces Organizational Risk and Improves GRC Outcomes
As enterprises increasingly rely on SaaS applications to run critical business functions, risk management and compliance challenges are becoming more complex and less visible. Traditional governance models were not designed to account for the scale, speed, and decentralization of modern SaaS environments. Addressing this gap requires a closer connection between operational visibility and governance, risk,……
-
What shadow AI means for SaaS security and integrations
In this Help Net Security video, Jaime Blasco, CTO at Nudge Security, discusses why shadow AI matters to security teams. He describes how AI adoption happens in two ways, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/02/shadow-ai-security-risks-tools-video/
-
Inside the Biggest Cyber Attacks of 2025
Tags: attack, breach, credentials, cyber, cybersecurity, finance, government, healthcare, incident, infrastructure, leak, saas, supply-chain2025 has emerged as one of the most disruptive years for cybersecurity, marked by unprecedented breach volumes, record-breaking credential leaks, and cascading supply-chain failures. Across just 12 months, cyber incidents have impacted governments, healthcare systems, financial institutions, SaaS providers, airlines, retailers, and critical infrastructure, proving that no industry or geography remains insulated. 2025 Global Cybersecurity……
-
Best of 2025: UNC6395 and the Salesloft Drift Attack: Why Salesforce OAuth Integrations are a Growing Risk
A recent UNC6395 Salesloft Drift breach reveals Salesforce SaaS risks. Learn how to simplify breach detection, prevention, and visibility. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/unc6395-and-the-salesloft-drift-attack-why-salesforce-oauth-integrations-are-a-growing-risk-2/
-
Why Mobile-First SaaS Needs Passwordless Authentication for Field Teams
Learn why passwordless authentication is essential for mobile-first SaaS used by field teams to improve security, speed, and productivity. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/why-mobile-first-saas-needs-passwordless-authentication-for-field-teams/
-
Implementing NIS2, without getting bogged down in red tape
Tags: access, ai, automation, backup, bsi, business, cloud, compliance, control, data, detection, email, encryption, iam, identity, incident response, infrastructure, law, least-privilege, metric, monitoring, network, nis-2, regulation, saas, sbom, service, siem, soc, software, startup, supply-chain, technology, threat, tool, update, vulnerability, vulnerability-management, zero-dayIT in transition: From text documents to declarative technology: NIS2 essentially requires three things: concrete security measures; processes and guidelines for managing these measures; and robust evidence that they work in practice.Process documentation, that is, policies, responsibilities, and procedures, is not fundamentally new for most larger companies. ISO 27001-based information security management systems, HR processes, and…
-
Rethinking Salesforce Risk: From Misconfigurations to SaaS Supply-Chain Attacks
For most of its life inside the enterprise, Salesforce was treated as >>just
-
Building Secure User Portals for Content-Heavy SaaS Applications
Learn how to build secure user portals for content-heavy SaaS using passwordless authentication, RBAC, session security, and CDN protection. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/building-secure-user-portals-for-content-heavy-saas-applications/
-
The Case for Dynamic AI-SaaS Security as Copilots Scale
Within the past year, artificial intelligence copilots and agents have quietly permeated the SaaS applications businesses use every day. Tools like Zoom, Slack, Microsoft 365, Salesforce, and ServiceNow now come with built-in AI assistants or agent-like features. Virtually every major SaaS vendor has rushed to embed AI into their offerings.The result is an explosion of…