SaaS Security Glossary

So many acronyms out there.

Account Takeover

Attack where a malicious actor gains control of a user’s account, typically through credential theft or social engineering.

Advanced Persistent Threat (APT)

Highly skilled and well-funded threat actor, often state-sponsored, that conducts prolonged and stealthy cyber campaigns to infiltrate networks, steal data, or disrupt operations.

AiTM (Adversary-in-the-Middle)

AiTM is a broader term that encompasses MiTM but can also refer to more sophisticated attack techniques involving interception and manipulation of communication. AiTM can imply a higher level of sophistication and may include advanced methods to avoid detection, such as using secure channels to intercept communication or targeting specific types of encrypted data.

App2app Connections

App2app connections exist at some level when any two apps connect to each other. They share information with each other so that they can do more things. For example, when an app wants to connect with a user’s Slack account, it needs to make a secure connection. The app can use an app2app connection to accomplish that. This type of connection is also used for transferring data between two SaaS apps, and also for performing combined tasks like synchronization.

App2app connections are built on the same principles as traditional network connections but instead of connecting physical networks together, they allow mobile devices and apps on those devices to be connected. They provide a secure communication channel so that the data transferred between two apps remains private and secure from other users who may be connected at the same time.

The types of data shared over app2app connections include user information, settings, files, and more. App2app connections are an important tool for developers as they allow apps to communicate with each other, enabling them to provide users with more features and better performance. In a perfect world, developers can also use app2app connections to create a secure environment where their users’ data is not exposed to potential risks.

Breach

A breach in the context of SaaS refers to the unauthorized access, disclosure, or compromise of sensitive data stored within cloud-based software applications. This unauthorized access can occur due to various factors such as misconfigurations in application settings, inadequate access controls, vulnerabilities in third-party integrations, or human error.

When a breach occurs, it can lead to significant consequences including data theft, exposure of confidential information, non-compliance with regulatory requirements, loss of customer trust, financial penalties, and operational disruptions. Preventing and mitigating breaches is crucial for organizations to maintain the security and integrity of their data in SaaS environments.

CASB – Cloud Access Security Broker

A Cloud Access Security Broker (CASB) is a security solution that acts as an intermediary between an organization’s on-premises infrastructure and cloud services. It monitors and controls data flow to ensure security, compliance, and governance. CASBs enforce corporate policies by managing user access to cloud applications and preventing unauthorized data transfers.

Initially, CASBs functioned like firewalls, using proxy servers to direct all cloud traffic and enforce security rules. Today, they have evolved to use an API-driven approach, integrating directly with major SaaS applications. This modern method provides detailed control and visibility into user activities and data, enhancing the security and compliance of cloud environments. CASBs are crucial for safeguarding sensitive information and maintaining compliance across SaaS, IaaS, and PaaS platforms.

Credential Stuffing

Attack that uses stolen credentials from one service to try to access accounts on other services, assuming users reuse passwords.

CSPM – Cloud Security Posture Management

Cloud Security Posture Management (CSPM) encompasses tools and practices designed to enhance security and compliance within cloud environments. CSPM solutions continuously monitor cloud infrastructure, including Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) configurations, to identify and address security risks, misconfigurations, and compliance issues. These tools empower organizations to maintain secure cloud operations by offering comprehensive visibility into their cloud resources, assessing configurations against best practices, and automating the remediation of vulnerabilities that could lead to data breaches or other security incidents.

CSPM is invaluable for any organization utilizing cloud services, as it ensures that cloud environments are securely configured and compliant with relevant standards. This proactive approach to cloud security allows organizations to monitor, understand, and mitigate risks associated with the rapid pace of changes and deployments in cloud computing. By continuously monitoring and automatically enforcing security policies, CSPM tools are essential for maintaining a robust security posture in the cloud.

Data Exposure

The unintended release of sensitive data due to security vulnerabilities or malicious actors. Data exposure can lead to serious privacy issues, as well as damage to a company’s reputation.

Discovery (SaaS)

SaaS Discovery is a critical part of SaaS Security Posture Management, which deals with identifying all SaaS applications, files, and users in a company. This process provides details on IT-approved and shadow IT applications, sensitive file sharing, and user access and permissions. With SaaS discovery, organizations can uncover their security issues related to unauthorized access to data or sensitive information.

Ultimately, SaaS Discovery provides the organization with a comprehensive view of the SaaS environment. This level of transparency is required in order to carry out risk assessment and implement remediation activities regarding permission changes, protection of sensitive data, or aligning SaaS usage with policies and compliance requirements.

DLP – Data Loss Prevention

A set of technologies used to identify and protect sensitive data. DLP helps organizations detect, monitor, and prevent unauthorized use, access, modification, and disclosure of confidential information.

Double Extortion

Attack that combines ransomware with the threat of data leakage, where attackers threaten to release stolen data if the ransom is not paid.

EDR – Endpoint Detection & Response

EDR (Endpoint Detection & Response) is a crucial component of a comprehensive SaaS Security strategy. As organizations increasingly rely on SaaS applications, endpoints become critical touchpoints where users interact with cloud-based services. EDR solutions help protect these endpoints by detecting, investigating, and responding to suspicious activities that could compromise SaaS environments.

When it comes to SaaS Security, EDR can identify and mitigate threats such as unauthorized access to SaaS applications, data exfiltration, and the spread of malware through SaaS integrations. By collecting and analyzing data from endpoints, EDR provides visibility into potential security incidents that could affect SaaS platforms. This capability is essential for ensuring that sensitive data within SaaS applications remains secure, preventing breaches and maintaining compliance. Through the integration of EDR and SaaS Security Posture Management (SSPM) solutions, organizations can achieve a more robust and cohesive security posture across both on-premises endpoints and cloud-based SaaS applications.

Endpoint Query

In the context of SaaS security, endpoint query refers to a non-intrusive method used to check whether an endpoint, such as a user’s device, has accessed or utilized a specific SaaS application or product. By querying endpoints, organizations can gather data on which SaaS applications are being used across their network. This process helps organizations better manage their SaaS environment by providing insights into application usage, enabling them to identify potential security risks, such as unauthorized or insecure applications, and ensure compliance with internal policies and regulations.

Endpoints

The actual devices that employees and users use, such as desktops, laptops, tablets, mobile devices, and pretty much any technology that people are able to use to connect to the internet to do the work their job requires.

IAM – Identity & Access Management

A security practice used to control access to systems, applications and data by granting users access rights based on their assigned roles. IAM can be used to help enforce organizational policies and prevent unauthorized access to sensitive data.

Indicator of Compromise (IoC)

Evidence left behind by an attacker or malicious software that can be used to identify a security incident (in SaaS we’ll refer mostly to IPs and UAs).

Insider Threat

An insider threat is the potential risk posed by individuals within an organization who misuse their authorized access to systems, data, or resources. These individuals can include current employees, contractors, or even former employees who still have access privileges. Insider threats can manifest as both negligent actions, such as unintentional data breaches due to careless handling of sensitive information, and malicious actions, where insiders deliberately exploit their access for personal gain or to harm the organization.

Effective management of insider threats is crucial in safeguarding organizational security, particularly in the context of the expanding use of SaaS applications. As organizations increasingly adopt cloud-based SaaS solutions, the risk of insider incidents grows due to the decentralized nature of SaaS environments. This decentralization allows users to bypass traditional security controls, potentially introducing vulnerabilities and unauthorized access points. Therefore, proactive strategies, such as implementing robust SaaS Security Posture Management (SSPM) solutions, are essential. These solutions provide visibility into SaaS usage, monitor user behavior for anomalies, and automate access management to minimize insider risks and protect sensitive organizational assets.

Mean Time to Resolve (MTTR)

The average time it takes for a security team to investigate and respond to a threat after detection.

MFA Fatigue

Attack that repeatedly sends MFA requests to a user in an attempt to overwhelm them and cause them to approve a request out of frustration.

Mitigation

The process of reducing or eliminating the potential impacts of a security breach. Mitigation can include implementing security measures to reduce the probability of an attack, training users on security best practices, and developing incident response plans.

OAuth Token Theft

Attack that involves stealing OAuth tokens, which are used to authorize access to applications and data, to gain unauthorized access to a user’s account.

OAuth Tokens

An OAuth (Open Authorization) token is a method used for authenticating and authorizing access without the need to share personal credentials, such as usernames and passwords. In the case of SaaS, where users often have access to multiple applications, it is particularly important to authorize these applications to access their data in a secure and controlled manner.

When a user wants to allow an application to access specific resources, such as files, data, or services, they go through an authorization process. This process typically involves the user logging in and explicitly granting permission, and upon successful authorization, the SaaS application issues an access token to the application. This token is then used by the application to make API requests to the SaaS platform, accessing only the resources and performing only the actions the user has permitted.

OAuth tokens are essential for maintaining the security and privacy of user data in SaaS environments and are designed to be short-lived and often come with specific scopes that define the limits of what the application can do. This ensures that even if a token is compromised, the potential damage is limited.

Password Spray

Attack that attempts to access a large number of accounts using a small number of commonly used passwords.

Phishing

Attack that attempts to trick users into revealing sensitive information, such as login credentials, by posing as a trustworthy entity.

Ransomware

Malware that encrypts a victim’s files and demands payment in exchange for the decryption key.

SaaS Estate

A SaaS estate refers to the entire collection of Software as a Service (SaaS) applications and services that an organization uses. For example, this includes all the cloud-based applications connected to the organization through downloading or onboarding by employees and users. SaaS applications within the SaaS estate are typically used for various business functions such as communication, collaboration, customer relationship management (CRM), project management, and more.

From a SaaS security perspective, managing a SaaS estate involves overseeing the procurement, deployment, usage, security, and compliance aspects of these applications. It’s critical to ensure that the apps within the SaaS estate are being used efficiently and cost-effectively while maintaining the security and integrity of the data accessed and stored within them. The idea of a SaaS estate shows the growing complexity of managing multiple SaaS applications within an organization, as well as the need for strategic oversight to optimize their usage and ensure they align with the company’s business objectives, security and regulatory requirements.

SaaS Governance

SaaS governance is a crucial framework for organizations looking to manage, control, and secure their software-as-a-service (SaaS) applications. It involves setting comprehensive policies that dictate how SaaS tools are selected, deployed, and used within the organization. This governance ensures that all SaaS applications align with the company’s security protocols, compliance requirements, and overall strategic objectives. Effective SaaS governance includes establishing clear guidelines for the purchase and subscription of new SaaS tools, as well as outlining how data within these applications should be handled to maintain consistency and security.

Another critical aspect of SaaS governance is managing user access and permissions. Organizations must implement robust access control measures to ensure that only authorized personnel can access sensitive data and functionalities within SaaS applications. This includes regular audits and reviews of user access levels to prevent unauthorized access and potential security breaches. By having a well-defined SaaS governance framework, companies can mitigate risks, enhance operational efficiency, and ensure that their SaaS investments are both secure and aligned with their long-term goals.

SaaS Security

SaaS Security refers to the set of practices, technologies, and strategies designed to protect SaaS applications and data from security threats and breaches. With the widespread adoption of SaaS, organizations face challenges such as shadow IT, where unauthorized SaaS usage occurs outside IT and security team oversight, leading to potential vulnerabilities.

To mitigate these risks, organizations employ SaaS Security Posture Management (SSPM) solutions. SSPM enables proactive monitoring, assessment, and enforcement of security policies across the SaaS landscape, helping to prevent unauthorized access, data leakage, and other security incidents. By prioritizing SaaS Security, organizations aim to safeguard sensitive data, maintain compliance, and protect their reputation and operations from the adverse impacts of security breaches.

SaaS Sprawl

SaaS sprawl refers to the uncontrolled adoption and utilization of Software as a Service applications across an organization. SaaS sprawl occurs as a result of the easy onboarding and availability of SaaS services. Different departments or individual employees are easily able to make independent decisions about the choice of SaaS tools that they need to adopt, and without centralized control and management over the SaaS environment, an organization can easily have a growing number of different SaaS applications that lack sufficient security standards. This can create security challenges for IT and security teams who need to monitor the SaaS stack.

The impact of SaaS sprawl on security, cost, and operational efficiency is huge. SaaS sprawl causes financial waste through duplicate or redundant apps and unused licenses. This also leads to operational inefficiencies due to the frustratingly difficult task of weeding through and training in the use of multiple tools serving similar functions. To truly solve these issues, organizations need a centralized approach such as SaaS security posture management (SSPM) to manage SaaS sprawl effectively – approving and regularly auditing applications against business objectives and security.

SASE – Secure Access Service Edge

SASE (Secure Access Service Edge) plays a crucial role by integrating both networking and security services into a single, cloud-delivered platform. This architecture is particularly beneficial for organizations using SaaS applications, as it enables seamless and secure access for remote and hybrid users by connecting them to nearby cloud gateways. This eliminates the need to backhaul traffic to corporate data centers, thereby reducing latency and enhancing performance.

Shadow IT

Shadow IT is the use of SaaS applications and services without approval from the organization’s IT department. With the rise of SaaS applications, Shadow IT has become a significant risk, introducing complex threats to security and compliance. Without IT oversight, unauthorized SaaS applications can lead to data breaches, loss of sensitive information, and non-compliance with industry standards.

For example, consider an employee who onboards a new SaaS application to streamline their workflow but fails to inform the IT team. This unapproved application can inadvertently create security vulnerabilities, as it bypasses the organization’s established security protocols. Without proper oversight, sensitive company data might be exposed, and compliance with industry regulations could be compromised. This is a common scenario of Shadow IT.

To combat Shadow IT, real-time visibility and monitoring of SaaS applications are crucial. Organizations need a comprehensive view of their SaaS landscape to identify which applications are being used and how sensitive files are shared. Wing’s SaaS discovery solution provides this visibility, offering an up-to-date list of SaaS applications within minutes.

Effective management of Shadow IT involves continuous evaluation of security risks across applications, users, and files. Wing’s solution maps, analyzes, and scores the SaaS environment, helping security teams understand their security posture and prioritize actions to mitigate risks.

Shadow Network

In SaaS security, a Shadow Network is an interconnected network of software and applications that arise from the unchecked and often unauthorized use of Shadow IT within an organization. Shadow IT occurs when employees use SaaS applications without the knowledge or approval of the IT or security department, bypassing official channels and security protocols.

The formation of a Shadow Network poses significant risks, as these applications are not subject to security policies or oversight. This lack of control can lead to various security vulnerabilities, such as data leaks, compliance issues, and unauthorized access. Additionally, once a threat actor breaches one point in this network, they can potentially move laterally across the interconnected applications and systems, exploiting the Shadow Network to access sensitive information or further compromise the organization’s security.

Effectively managing and securing a Shadow Network requires robust SaaS Security Posture Management (SSPM) solutions that provide visibility into all SaaS usage, whether authorized or unauthorized, and enable the enforcement of security policies across the entire SaaS landscape.

SSE – Security Service Edge

In SaaS security, SSE (Security Service Edge) refers to an architecture for delivering security services from the cloud. SSE enables organizations to centralize their security operations, providing enhanced visibility into threats and activities, and reducing the cost and complexity of managing security infrastructure. This architecture typically includes features such as secure web gateways, cloud access security brokers (CASBs), and zero trust network access (ZTNA), all integrated to protect users, applications, and data regardless of their location.

SSPM – SaaS Security Posture Management

SSPM (SaaS Security Posture Management) is a comprehensive SaaS security solution designed to continuously monitor and manage the security posture of SaaS environments. SSPM provides security and IT teams with the necessary visibility into the security configurations and usage patterns of SaaS applications, identifying vulnerabilities, misconfigurations, and compliance issues. As SaaS tools become increasingly targeted by malicious actors, SSPM is becoming more and more essential for protecting sensitive data and ensuring secure practices.

SSPM focuses on securing SaaS usage by monitoring all activities non-intrusively, offering automated workflows to resolve security issues, manage application permissions, and prevent data misuse or abuse. SSPM addresses challenges such as SaaS sprawl, shadow IT, and the presence of risky applications within organizations, ensuring that SaaS usage is safe, compliant, and aligned with organizational policies.

Tactics, Techniques & Procedures (TTP)

The behavior of an actor. The tactic is the highest-level description of this behavior, while techniques give a more detailed description of behavior in the context of a tactic, and procedures are an even lower-level, highly detailed description in the context of a technique.

User Agent (UA)

Information that your web browser or app shares with websites to tell them what device and software you’re using.

User Entity and Behavior Analytics (UEBA)

UEBA detects security threats by analyzing deviations from normal user and entity behavior using machine learning and risk-based scoring.

Vishing

Attack that uses voice communication, such as phone calls or voicemail, to trick users into revealing sensitive information.
