What Airports Have in Common With SaaS Security Misconfigurations

Eliana Vuijsje, Marketing Director

Airports are among the most secure buildings in the world. Whether it’s London’s Heathrow, The Windy City’s O’Hare, or any other airport across the globe, what’s certain is that they deploy an impressive array of scanning equipment, facial recognition tools, physical security teams, and artificial intelligence systems to keep operations flowing smoothly and prevent threats.

But the real foundation to airport security is the architectural design of the building itself and protocols that are in place. The most sophisticated scanners and the most diligent TSA agents are totally worthless if people who aren’t scheduled to fly are granted direct access to the departure gates. Or if the service corridors for staff are accessible to shoppers in the duty free section.

Now imagine having to secure multiple airports simultaneously, where the people inside may be both pilots and passengers of different airlines. And then–and hear me out on this–imagine that all the corridors, walls, and stairways are constantly shifting in relation to each other (think Heathrow meets Hogwarts!). Gate 22 used to be in this hallway–but now, without a moment’s notice, it’s in a different terminal; The emergency exit should obviously be closed at all times–but suddenly, all the passengers are using it freely. In this confusing scenario, the carefully designed management protocols have been broken down, eventually creating a situation in which anyone can access whatever area they choose.

The Complexities of the SaaS Application Ecosystem

Similar to those magically-shifting airport corridors, both admins and regular users can intentionally or unintentionally make major/minor changes to settings which end up enabling risky permissions or disabling key security features.

Despite each application’s countless security and user-related settings, with the addition of custom code, configurations, integrations, 3rd party users and apps, there’s a lot of room for things to go wrong. And so, it should come as no surprise that a leading cause of security incidents in SaaS applications is due to misconfigurations on the part of the organization using the platform–not due to security weaknesses in the platform itself.

For example:

Like the most bustling airports in the world, SaaS environments are inherently chaotic and fragmented. But with the proper toolset, specifically developed to address the unique management challenges of the SaaS application space, security teams can proactively take charge of their landscape.

What’s your current SaaS security posture? Find out today!

About the writer

Eliana Vuijsje, Marketing Director

Eliana is a marketing strategist with a passion for technology and storytelling. With an MA in conflict management and negotiation and a BA in Communications, Eliana hit the ground running after moving to Israel. Eliana’s work has been featured in places like Slashdot, the RSA conference and Facebook’s PyTorch publications. Since joining Adaptive Shield, Eliana has grown into a SaaS app security lobbyist telling everyone to secure their SaaS app estate. Oh, and she loves steak.