Subscribe to Updates

    Get the latest creative news from CRYPTO NOUNCE.

    What's Hot

    Distressed Indian startup GoMechanic acquired by Lifelong Group-led consortium

    March 29, 2023

    Musk, experts urge pause on training AI systems more powerful than GPT-4 By Reuters

    March 29, 2023

    Dogecoin [DOGE]: Short-term investors could gain, but only if…

    March 29, 2023
    Facebook Twitter Instagram
    Facebook Twitter Instagram Vimeo
    Cryptonounce.com
    Contact
    • Business
      • Deals
      • investors
      • IPO
      • Startups
      • Wall Street
    • Markets
      • Bonds
      • Commodities & Futures
      • Currencies
      • Funds & ETFs
      • Stocks
    • Crypto
      • Alticoins News
      • Binance News
      • Bitcoins News
      • Blockchain News
      • Ethereum News
      • Token Sales News
      • XRP News
    • Technology
      • Artificial Intelligence
      • Big Data
      • Cloud Computing
      • Cybersecurity
      • Gaming
      • Internet of Things
      • Mobile
      • Social Media
      • Transportation
      • VR & AR
    • FinTech
    • Personal finance
    • Grides
      • Crypto
      • FinTech
      • Investing
      • Personal Finance Guides
      • Techonology
    • Tools
      • Coins
      • ICO List
      • Organigations
      • Events
    Cryptonounce.com
    Home » Why Do User Permissions Matter for SaaS Security?
    Cybersecurity

    Why Do User Permissions Matter for SaaS Security?

    AdmincryptBy AdmincryptJanuary 9, 2023No Comments4 Mins Read
    Facebook Twitter Pinterest LinkedIn Tumblr WhatsApp VKontakte Email
    Share
    Facebook Twitter LinkedIn Pinterest Email


    Jan 09, 2023The Hacker NewsSaaS Security / SSPM Solution

    SaaS Security

    Earlier this year, threat actors infiltrated Mailchimp, the popular SaaS email marketing platform. They viewed over 300 Mailchimp customer accounts and exported audience data from 102 of them. The breach was preceded by a successful phishing attempt and led to malicious attacks against Mailchimp’s customers’ end users.

    Three months later, Mailchimp was hit with another attack. Once again, an employee’s account was breached following a successful phishing attempt.

    While the identity of the Mailchimp accounts that had been compromised wasn’t released, it’s easy to see how user permission settings could have played a role in the attack. Once threat detectors breached the system, they had the access needed to utilize an internal tool that enabled them to find the data they were looking for. The attack ended when security teams were able to terminate user access, although data which had already been downloaded remained in the threat actor’s hands.

    Introducing user permissions, through role-based account control (RBAC), could have severely limited the damage caused by the breach. Had the rule of least privilege been applied, it’s likely that the breached account would not have afforded access to the internal tools that were used in the attack. Furthermore, reduced access might have completely prevented the attack or limited the number of affected accounts to far fewer than the 100 which were ultimately compromised.

    Protect SaaS data as if your company’s future depends on it. Schedule a demo for more.

    What Are User Permissions?

    SaaS user permissions allow app owners to limit a user’s resources and actions based on the user’s role. Called RBAC, it is the permission set that grants read or write access, assigns privileges to high-level users, and determines access levels to company data.

    What is the Purpose of the “Rule of Least Privilege”?

    The rule of least privilege is an important security concept that provides the least amount of access needed for users to perform their job functions. In practice, it reduces the attack surface by limiting high-level access to a few privileged individuals. If a low-privilege user account is breached, the threat actor would have less access to sensitive data contained within the application.

    Are your SaaS apps following the rule of least privilege? Schedule a demo to learn more.

    Why Do User Permissions Matter for Security?

    App administrators frequently grant full access to team members, particularly when dealing with a small user group. As business users rather than security professionals, they don’t always recognize the degree of risk in granting those access permissions. Furthermore, they prefer to give full authorization rather than be asked for specific permissions later on.

    Unfortunately, this approach can put sensitive data records at risk. User permissions help define the exposed data in the event of a breach. By protecting data behind a permission set, threat actors that access a user identity are limited to the data available to their victim.

    Loose user permissions also make it easier for threat actors to carry out automated attacks. Having multiple users with wide API permissions makes it easier for cybercriminals to breach a SaaS app and either automate ransomware or steal data.

    Why Are User Access Reviews Important?

    User access reviews are essentially audits that look at users and their access. They show security team members and app owners the degree of access each user has and allows them to adjust permission levels as needed.

    This is important, as it helps identify users who may have switched roles or teams within the company but retained an unnecessary level of permissions, or alerts security teams regarding employees whose actions have deviated from normal behaviors to include suspicious behavior. Furthermore, it helps identify former employees who still have access and high-privilege permissions.

    Access Reviews should take place at predetermined intervals, ensuring that unnecessary permissions are identified within a set time frame.

    Conclusion

    User permissions are often a misunderstood security feature. It protects organizations from both external attacks and internal data-sharing errors.

    An SSPM solution, like Adaptive Shield, enables effective user permission management, giving security personnel and app owners the confidence to know the extent of any user permission and see that user’s SaaS security hygiene. This real-time view of users is far more effective than User Access Audits, which only present a snapshot view of the users’ permissions at a specific moment in time.

    Looking for more visibility into your Saas users? Schedule a demo today for full visibility.


    Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr WhatsApp Email
    Previous ArticleCrypto billionaires’ subsequent deaths spark wild theories among the community
    Next Article How to retire with $2 million if you make $100,000 per year
    Admincrypt
    • Website

    Related Posts

    Microsoft Introduces GPT-4 AI-Powered Security Copilot Tool to Empower Defenders

    March 28, 2023

    Pakistan-Origin SideCopy Linked to New Cyberattack on India’s Ministry of Defence

    March 28, 2023

    IcedID Malware Shifts Focus from Banking Fraud to Ransomware Delivery

    March 28, 2023

    Pen Testing Solutions That Challenge the Status Quo

    March 28, 2023

    Leave A Reply Cancel Reply

    Our Picks
    • Facebook
    • Twitter
    • Pinterest
    • Instagram
    • YouTube
    • Vimeo
    Don't Miss
    Techonology

    Distressed Indian startup GoMechanic acquired by Lifelong Group-led consortium

    By AdmincryptMarch 29, 20230

    A consortium led by Lifelong Group has acquired the distressed firm GoMechanic months after the…

    Musk, experts urge pause on training AI systems more powerful than GPT-4 By Reuters

    March 29, 2023

    Dogecoin [DOGE]: Short-term investors could gain, but only if…

    March 29, 2023

    The government should fear AI, not crypto: Galaxy Digital CEO

    March 29, 2023

    Subscribe to Updates

    Get the latest creative news from CRYPTO NOUNCE.

    NEWS
    • Business
    • Crypto
    • Blockchain
    • Markets
    • Technology
    FEATURED SECTIONS
    • Coins
    • ICO List
    • Organigations
    • Events
    • Grides
    FEATURED LINKS
    • Story of the day
    • Videos
    • Infographics
    CONNECT WITH US
    • Facebook
    • Twitter
    • Telegram
    • LinkedIn
    • Pinterest
    ABOUT US
    • Contact
    • Advertise
    • Sitemap
    Copyright © 2023 Cryptonounce All rights reserved. Cryptonounce.
    • Home
    • Buy Now

    Type above and press Enter to search. Press Esc to cancel.

    Sign In or Register

    Welcome Back!

    Login to your account below.

    Lost password?