From Signal Intelligence to SaaS Security – An Ongoing Cyber Journey
My first steps in cyber-security go back to the days when we analyzed RF signals in order to collect intelligence information. It was back then that we understood that the internet is full of potential and we must learn it, so that we can use its advantages to collect super valuable information relevant to our mission.
During my 20+ professionally rewarding years in the Israeli Defense Forces, I was fortunate to serve as Head of a Cyber Branch in the 8200 unit and then as Head of the Cyber Defense Operations Center. It was there that I met and served closely with Noam Shaar, Wing Security’s CEO and former Head of the IDF’s Cyber Division. Over the years we became close friends and great partners.
Together we founded Wing Security, where we aim to solve one of the most rapidly expanding cybersecurity challenges that businesses face today: SaaS cybersecurity. SaaS applications are nothing new, of course. But the SaaS ecosystem has evolved tremendously over the past decade and now, they’re at the center of our cloud-based world. They are used by everyone and they’re changed and updated frequently.
SaaS Cybersecurity Version 2022
While SaaS software clearly has many advantages – such as ease of use, availability and saving users from having to maintain host infrastructure – it also creates unique security challenges. When you use SaaS applications to drive your business, you have far less visibility into potential security risks than you would if you hosted the applications on your own infrastructure. You might be tempted to entrust security largely to the SaaS vendor, but even the best vendors can’t guarantee your app won’t place sensitive data at risk. It’s really a mutual responsibility model.
SaaS vendors need to ensure their apps are secure. Organizations need to take extra precautions to understand and mitigate the potential risks that SaaS usage entails . This includes which permissions they‘re granted, what data they access, generate or store and what potential security threats may arise from how users are using them.
Unfortunately, many businesses have fallen short when it comes to achieving visibility into their SaaS apps and risks. I have even encountered organizations that resort to very primitive methods, like tracking SaaS applications in Excel spreadsheets (which is not an effective means of tracking or maintaining).
It’s easy to understand why companies fall behind on their SaaS security. After all, the fact that SaaS apps are so easy to onboard into your organization and use also makes them easy to forget or overlook when you’re planning your cybersecurity strategy. The decentralized nature of SaaS software, and the ability of employees to deploy and modify SaaS apps at will, only adds to the challenge.
The SaaS Security Gap
Despite these deep-rooted SaaS security challenges (that have only risen over the past 10 years), there has been little investment to date in SaaS security. Most SaaS security solutions on the market didn’t offer enough benefit to justify the expense. They mostly offered only visibility or only access management without practical remediation, not to mention automated remediation. There was no holistic solution out there for securing this dynamic and ever changing domain.
The fact that few people think about SaaS cybersecurity doesn’t mean it’s not a real and present challenge. Andrew Hewitt, senior analyst at Forrester says that employees will circumvent security policies if they get in the way of productivity: “It’s not a matter of if younger employees will use these new emerging technologies, but when. Your security strategy must be ready to accommodate those changing preferences, but how can you get ready?”
Four Pillars to a Successful SaaS Security Strategy
A desire to close those SaaS security gaps is exactly what brought me to establish Wing Security. Wing has built a cybersecurity solution that automates SaaS security from discovery to remediation, no matter which SaaS apps you use or how they are managed within your organization.
Our SaaS cybersecurity strategy is built on four key pillars.
You can’t secure SaaS if you lack visibility into the risks associated with each app and user. That’s why Wing offers discovery and displays the security status and ranking of each app, and highlights where the greatest risks lie. We also show which apps are dormant, but still have access to your data, allowing the user to simply disconnect those apps no longer used.
Knowing where SaaS risks lie is only half the battle. Just as important is being able to respond quickly. Wing does this, first, by giving end-users the opportunity to recognize and remediate SaaS security threats. But if they don’t remediate them effectively, Wing empowers cybersecurity teams to respond or create default to remediate automatically.
Given the large number of SaaS resources that organizations frequently use, and the decentralized nature of those apps, it’s not practical to manage security risks manually. Wing gives you an automated solution that discovers, assesses and helps to remediate risks without relying on manual workflows. This saves your security team valuable resources and ensures security issues are taken care of.
4. Holistic management
You shouldn’t have to monitor and run several SaaS security solutions to secure all your SaaS applications running in your organization and accessing your data. Wing covers all major SaaS related risks, providing you a 360° approach to SaaS security management.
Giving SaaS Security Wings
Cybersecurity has been my passion for more than 20 years now. I strongly believe that security should and can empower businesses not shackle them. Ultimately, our goal is to ensure security leaders don’t have to compromise when it comes to the cybersecurity of newer tools that enable innovation, growth, productivity, and collaboration.
We want to transform SaaS security from a burdensome checkbox into a process that is baked right into the broader cybersecurity strategy. “Too complicated” or “not knowing where or how to start”, should become a thing of the past.
That’s why I’m excited to be at Wing Security; here I can say with conviction that we are building an amazing security solution to help our customers thrive in the SaaS domain.