Adaptive Shield Rises to SaaS App Security Challenge
Adaptive Shield emerged from stealth to address the need to better secure software-as-a-service (SaaS) applications.
Fresh off raising an additional $4 million in funding, the company’s namesake platform identifies and prioritizes weaknesses in SaaS applications to enable security teams to proactively find and ultimately fix misconfigurations across a wide variety of platforms, including Microsoft Office 365, Salesforce, Zoom, Slack, GitHub and others, said Adaptive Shield CEO Maor Bin.
Adaptive Shield will continue to add other automated wizards for integrating with other SaaS applications over time, he added.
Bin noted SaaS applications are just as likely to be misconfigured as any other cloud service. The more SaaS applications an organization employs the greater the risk becomes.
In the wake of the COVID-19 pandemic, the number of SaaS applications being employed has increased sharply as employees continue to work from home to combat the spread of the COVID-19 pandemic. In many cases, SaaS applications are also being relied on to accelerate digital business transformation initiatives.
Adaptive Shield presents cybersecurity teams with a series of dashboards that surface cybersecurity issues. Those teams can then inform the owners of the SaaS applications being employed of what security issue should be remediated rather than addressing the issue themselves in case an action they take causes an unanticipated disruption, said Bin.
Designed to be deployed in under five minutes, Adaptive Shield also analyzes and scores SaaS apps against leading compliance frameworks such as NIST, SOC 2, HIPAA and PCI DSS. The goal is to make it feasible to consistently apply a common set of cybersecurity controls across a variety of SaaS platforms, he said.
It’s not clear to what degree organizations will be relying primarily on SaaS platforms going forward. However, with video conferencing platforms such as Zoom now deeply embedded within business processes, it’s clear the attack surface that needs to be defended by cybersecurity teams has changed substantially.
The challenge is, line of business units don’t always inform cybersecurity teams about the adoption of a new SaaS platform. In the wake of the pandemic, this issue is occurring more frequently as business units adopt more cloud-based applications to remain productive. Cybersecurity teams may be able to exercise some influence over those platform choices, but by and large, the decision to adopt a SaaS application usually falls under the purview of the business executive that is allocating the funds to pay for it.
Of course, there may come a day when the organization in the interest of saving money and improving the overall security posture of the organization decides to rationalize SaaS platforms. In fact, cybersecurity teams that have a vested interest in that discussion might want to highlight to the finance department just how much money is being spent on those platforms.
