Cybersecurity INSIGHTS
Securing the SaaS Layer
Galit Lubetzky Sharon is the co-founder and chief technical officer of Wing Security and a retired colonel in the IDF, elite to 8200 unit, the equivalent of our NSA. After 20 years or so leading IDF’s cybersecurity team, she co-founded Wing Security with Noam Shaar, IDF’s former CISO, to answer a growing need: Securing the SaaS layer. Today, SaaS is used by everyone and anyone in the organization completely decentralized and mostly ungoverned. This introduces not only a major shadow IT problem but also creates a whole new attack surface and opens stores to organization-sensitive data.
To set the stage for Wing Security, Lubetzky weighs in on why SaaS differs from other apps in terms of security and what needs to change to make sure it’s protected:
SaaS is a great thing. All those applications that we can now use all across the organization, from HR, accounting, legal, R&D, marketing, sales, they all have their needs. And each of those needs has an updated and fine solution that you can adopt easily without asking for anyone to help you with. We all remember the old days when you wanted to use the new app, and you had to go to the security team or the IT team and ask them to install the app for you. So, no longer. It’s super easy. Everyone can start using it, sometimes even without paying for it. Just give it a try, provide a permission, start working, do whatever you need to do. It’s completely decentralized, as you mentioned, it’s continually changing. And that’s great and challenging for the security.
In this episode of Cybersecurity Unplugged, Lubetzky also discusses:
- Wing Security’s inventory of SaaS applications that are being used;
- Her direct experience with end-user customers;
- The relationship between SaaS applications and the CISO.
