In a notable and very distressing misstep, DeepSeek inadvertently exposed internal proprietary training content. The cause was a misconfigured storage bucket holding the body of knowledge underpinning its large language model (LLM). This incident clearly illustrates one of the biggest shortcomings in the governance of Software as a Service (SaaS) applications today, and it highlights the dangers of third-party Generative AI tools. Employees are onboarding new SaaS tools without proper oversight from IT departments, and this trend increases the risk that organizations experience data breaches and unauthorized access.
The challenge is amplified by the level of permissions that SaaS applications request by default. Most of these applications ask for very wide OAuth scopes, which give them unfettered access to read your mailboxes, documents, calendars and conversations. As a consequence, workers tend to connect unsanctioned SaaS applications directly to established platforms they already use, such as Google Workspace, Salesforce or Slack, and in doing so they often overprovision access.
The Growing Concern of Shadow IT
Shadow IT is the use of technology systems, devices, software, applications and services without explicit approval from the IT department. It creates serious security risks and compliance problems for organizations, and it has only grown more pervasive as employees adopt new tools on their own in search of productivity. The absence of oversight leaves organizations exposed to substantial risk.
Generative AI SaaS apps that rely on elevated permissions add to this risk and frequently lead to data compromise. Employees may inadvertently connect applications in ways that expose sensitive information to third parties. Too often this happens because there are no firm policies on data retention or on how models may be trained. Without adequate governance, these tools run unchecked, creating significant risk of breaches of sensitive, protected information.
Unmanaged identities and excessive access in SaaS apps are ongoing hazards as well. Our partners often tell us that orphaned access is one of their biggest burdens: accounts that remain active months after an employee has left, which malicious actors can take advantage of. This cascade of failures lays the groundwork for a cyber free-for-all.
Lessons from Recent Breaches
Awareness of these threats is in no small part attributable to recent security incidents that exposed the dangers of unmanaged, unsanctioned SaaS applications. Earlier this year, in 2024, Microsoft’s GitHub was breached by a collective that goes by the name Midnight Blizzard. The attackers leveraged a legacy OAuth app that had mailbox access. By moving laterally while avoiding detection, they secured long-term access to sensitive internal systems.
It is also worth reading about the risks exposed when hackers breached Okta’s support ticketing system. They gained access through a service account that lacked MFA protection. Such weaknesses are a prime example of the low-hanging fruit attackers exploit: unmanaged identities or over-permissioned access within an organization.
In yet another recent case, an investigation determined that a firm retained administrator-level control over employee activity logs even months after those employees’ contracts had ended. This emerging landscape raises important and urgent questions about data governance, and we need stronger safeguards to protect access to sensitive personal data.
Proactive Solutions for Security Teams
To counteract these risks, organizations need to take a proactive approach to SaaS application management. Wing Security is purpose-built to help security teams find vulnerabilities and fix them before they become major incidents. It provides automated discovery of all SaaS apps, users and integrations, then builds a matrix of human and non-human identities that exposes their permissions and MFA status.
These capabilities provide essential visibility into how SaaS apps are used across the enterprise and identify where excessive access could lead to violations. By maintaining a real-time inventory of SaaS usage, and by making sure the right permissions are assigned, organizations can lower their risk exposure more effectively than ever.
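The checks described above (orphaned accounts, stale admin access, service accounts without MFA, and OAuth grants with broad mailbox or file scopes) can be expressed as simple rules over an identity and integration inventory. The following is an added example written for this post, not Wing Security's code; the inventory records and the list of scopes treated as broad are constructed assumptions, and the Google scope strings are real scope names used only as sample data.

```python
from datetime import date

# Constructed sample inventory (hypothetical, not from any real tenant).
IDENTITIES = [
    {"id": "alice@example.com", "type": "human", "enabled": True,
     "mfa": True, "admin": False, "offboarded": None},
    {"id": "bob@example.com", "type": "human", "enabled": True,
     "mfa": True, "admin": True, "offboarded": date(2024, 1, 15)},
    {"id": "svc-ticketing", "type": "service", "enabled": True,
     "mfa": False, "admin": False, "offboarded": None},
]
OAUTH_GRANTS = [
    {"app": "notes-ai", "owner": "alice@example.com",
     "scopes": ["https://www.googleapis.com/auth/gmail.readonly", "openid"]},
    {"app": "calendar-sync", "owner": "bob@example.com",
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
]
# Scopes treated as broad (mailbox- or drive-wide read); an assumed policy list.
BROAD_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/drive",
}


def audit(identities, grants, today, min_days=30):
    """Return (kind, subject, detail) findings for the risks discussed above."""
    findings = []
    offboarded = {i["id"] for i in identities if i["offboarded"]}
    for ident in identities:
        # Orphaned: still enabled at least min_days after the owner left.
        if ident["enabled"] and ident["offboarded"]:
            days = (today - ident["offboarded"]).days
            if days >= min_days:
                findings.append(("orphaned_account", ident["id"], f"{days}d after offboarding"))
                if ident["admin"]:
                    findings.append(("stale_admin_access", ident["id"], "admin role still assigned"))
        # Non-human identities without MFA are the Okta-style weak spot.
        if ident["type"] == "service" and not ident["mfa"]:
            findings.append(("service_account_no_mfa", ident["id"], "no MFA"))
    for g in grants:
        broad = sorted(set(g["scopes"]) & BROAD_SCOPES)
        if broad:
            findings.append(("broad_oauth_scope", g["app"], ", ".join(broad)))
        if g["owner"] in offboarded:
            findings.append(("grant_owned_by_offboarded_user", g["app"], g["owner"]))
    return findings


def run_sample():
    """Run the audit over the constructed inventory as of a fixed date."""
    return audit(IDENTITIES, OAUTH_GRANTS, date(2024, 6, 10))


if __name__ == "__main__":
    for kind, subject, detail in run_sample():
        print(f"{kind:32} {subject:22} {detail}")
```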