Cloud Security Podcast

Secure your SaaS applications like this!

Nov 21, 2023
Max Feldman, Director of Security Engineering at AppOmni and former product security lead at Salesforce and Slack, talks SaaS security. He explains SaaS Security Posture Management (SSPM), when teams should adopt it, and the differences between SSPM, CASB, CSPM and CNAPP. The episode covers SaaS attack surfaces, SSO/offboarding gaps, ChatGPT risks, and practical steps to start a SaaS security program.
ADVICE

Start SaaS Security By Inventorying Sensitive Apps

  • Start thinking about SaaS security immediately by tracking inventory and data locations so you can prioritise protection as you grow.
  • Focus first on visibility and the apps holding the most sensitive HR, financial, or trade-secret data.
INSIGHT

SaaS Risk Is Data Exposure And Permission Drift

  • SaaS risk includes data exposure, over-permissioned internal access, and API/UI mismatches where a UI restriction may not hold at the API level.
  • Examples include exposed HR records, salary data, or CRM customer data leading to internal harm or external leaks.
ADVICE

Apply Shared Responsibility To SaaS Configurations

  • Treat SaaS with the same shared-responsibility mindset as cloud: providers secure the platform, you secure configuration and usage.
  • Expect increasing automated scanning and researcher attention similar to early cloud S3 exposures.