Security Weekly Podcast Network (Audio)

Shadow Risks in SaaS, Cybersecurity Market Has Lost Its Mind, and Rise of the CTrO - Mike Puglia - BSW #424

Dec 3, 2025
Mike Puglia, General Manager of Kaseya Labs, dives into the growing security blind spots in popular SaaS platforms like Microsoft 365 and Salesforce. He highlights how attackers are exploiting these vulnerabilities, particularly through hijacking tokens and misconfigured integrations. The conversation shifts to the crucial role of the Chief Trust Officer and the debate over reliance on big cloud providers. Mike also offers strategies for SMBs on managing SaaS security, along with the necessity for enhanced visibility across organizational apps.
ADVICE

Push For Hybrid Or Edge Options

  • Consider hybrid or edge strategies to regain control and resilience where feasible.
  • Evaluate managed service providers offering hybrid or on-prem options if full cloud dependence is unacceptable.
ADVICE

Don't Rely On MFA Alone

  • Don’t treat MFA as a silver bullet; attackers can proxy logins and capture tokens.
  • Deploy passkeys and device-tied authentication where possible to reduce token theft risk.
ADVICE

Monitor SaaS Via API Telemetry

  • Use read-only API telemetry collectors to monitor SaaS activity and detect anomalies.
  • Alert on admin changes, third-party app installs, large exports, and unexpected logins across SaaS tools.
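
An added example, not from the episode or from any vendor's product: a small detector over normalized audit events that covers the four alert categories above and escalates a user who trips several of them in a short window across apps. The event schema, action names, row threshold, baseline and sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumed normalized schema and action names (not any vendor's real audit format).
ADMIN_ACTIONS = {"role.granted", "mfa_policy.changed", "user.created"}
EXPORT_ROW_LIMIT = 10_000  # assumed threshold for a "large" export

# Constructed sample events, as a read-only collector might normalize them.
SAMPLE_EVENTS = [
    {"ts": "2025-12-01T08:02:11Z", "app": "crm", "actor": "alice", "action": "login.success", "country": "US"},
    {"ts": "2025-12-01T08:05:40Z", "app": "crm", "actor": "alice", "action": "data.export", "rows": 120},
    {"ts": "2025-12-02T03:14:09Z", "app": "crm", "actor": "alice", "action": "login.success", "country": "RO"},
    {"ts": "2025-12-02T03:15:30Z", "app": "crm", "actor": "alice", "action": "oauth_app.authorized"},
    {"ts": "2025-12-02T03:17:02Z", "app": "crm", "actor": "alice", "action": "data.export", "rows": 250_000},
    {"ts": "2025-12-02T03:20:45Z", "app": "mail", "actor": "alice", "action": "role.granted"},
    {"ts": "2025-12-02T09:00:00Z", "app": "mail", "actor": "bob", "action": "user.created"},
]
BASELINE = {"alice": {"US"}, "bob": {"US"}}  # constructed: login countries seen per user

def parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")

def detect(events, baseline):
    """Return (ts, app, actor, rule) alerts for the four alert categories."""
    alerts = []
    for ev in sorted(events, key=lambda e: parse_ts(e["ts"])):
        action, rule = ev["action"], None
        if action in ADMIN_ACTIONS:
            rule = "admin_change"
        elif action == "oauth_app.authorized":
            rule = "third_party_app_install"
        elif action == "data.export" and ev.get("rows", 0) > EXPORT_ROW_LIMIT:
            rule = "large_export"
        elif action == "login.success" and ev.get("country") not in baseline.get(ev["actor"], set()):
            rule = "unexpected_login"  # a user with no baseline alerts on every login
        if rule:
            alerts.append((ev["ts"], ev["app"], ev["actor"], rule))
    return alerts

def escalate(alerts, window=timedelta(hours=1), min_rules=3):
    """Actors who trip min_rules distinct rules inside one window, across all apps."""
    hot = set()
    for ts, _, actor, _ in alerts:
        start = parse_ts(ts)
        rules = {r for t, _, a, r in alerts if a == actor and start <= parse_ts(t) <= start + window}
        if len(rules) >= min_rules:
            hot.add(actor)
    return sorted(hot)

if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS, BASELINE)
    print(*found, "escalate: %s" % escalate(found), sep="\n")
```

The baseline is deliberately not updated from alerting logins, so a login from a new location does not silently become trusted.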