New Report Explains Why CASB Solutions Fail to Address Shadow SaaS and How to Fix It

Whether it's CRMs, project management tools, payment processors, or lead management tools - your workforce is using SaaS applications by the pound. Organizations often rely on traditional CASB solutions for protecting against malicious access and data exfiltration, but these fall short for...

Guide: On-Prem is Dead. Have You Adjusted Your Web DLP Plan?

As the shift of IT infrastructure to cloud-based solutions celebrates its 10-year anniversary, it becomes clear that traditional on-premises approaches to data security are becoming obsolete. Rather than protecting the endpoint, DLP solutions need to refocus their efforts to where corporate data...

Cloudflare Public Bug Bounty: Yet Another CASB Integration Takeover of Active Integrations

A vulnerability was found in a cloud access security broker's Microsoft integration where an attacker could bypass confused deputy protections. By manipulating the casing of a tenant UUID, a new integration could be created that surfaced sensitive customer information. This issue was addressed by...

Cloudflare Public Bug Bounty: Permanent CASB Integration Takeover due to Improper Access Controls+Confused Deputy Problem

A security vulnerability was discovered in Cloudflare's Cloud Access Security Broker CASB integration, allowing potential unauthorized access to sensitive information. The vulnerability, known as the "confused deputy problem," affected a limited set of integrations. Cloudflare promptly addressed...

The Annual Report: 2024 Plans and Priorities for SaaS Security

Over 55% of security executives report that they have experienced a SaaS security incident in the past two years — ranging from data leaks and data breaches to SaaS ransomware and malicious apps as seen in figures 1 and 2. --- Figure 1. How many organizations have experienced a SaaS security...

Cloudflare Public Bug Bounty: Cloudflare CASB Confused Deputy Problem

A vulnerability was found in Cloudflare CASB on Microsoft and GitHub integrations, allowing an attacker to create a new integration and access sensitive information if they were able to enumerate a valid tenant UUID or domain. The issue was resolved by disallowing the creation of multiple...

Reduce SaaS App Risks with Cloud Security Broker & Zero Trust

Responsibility for protecting users and critical data in cloud applications falls to the organizations that use them. Discover how to maintain data control with Cloud Application Security Broker CASB technology and a zero trust strategy...

Enforcement vs. Enrollment-based Security: How to Balance Security and Employee Trust

Challenges with an enforcement-based approach An enforcement-based approach to security begins with a security policy backed by security controls, often heavy-handed and designed to prevent employees from engaging in risky behavior or inadvertently expanding the potential attack surface of an...

How a Cloud Security Broker Reduces SaaS App Risks - SASE Part 4

Responsibility for protecting users and critical data in cloud applications falls to the organizations that use them. Discover how to maintain data control with Cloud Application Security Broker CASB technology...

Securing SaaS Apps — CASB vs. SSPM

There is often confusion between Cloud Access Security Brokers CASB and SaaS Security Posture Management SSPM solutions, as both are designed to address security issues within SaaS applications. CASBs protect sensitive data by implementing multiple security policy enforcements to safeguard critic...

Logic Flaw Vulnerability in ENLINK CASB Backend Management System

Ltd. specializes in network security product development and sales, is the industry's leading "zero trust" solution provider. A logic flaw exists in the backend management system of ENLINK CASB, which can be exploited by an attacker to cause an arbitrary user password to log into the management...

Hobby Lobby Exposes Customer Data in Cloud Misconfiguration

Arts-and-crafts retailer Hobby Lobby has suffered a cloud-bucket misconfiguration, exposing a raft of customer information, according to a report. An independent security researcher who goes by the handle “Boogeyman” uncovered the issue and reported it to Motherboard in an online chat, according ...

A better cloud access security broker: Securing your SaaS cloud apps and services with Microsoft Cloud App Security

Today’s business uses an average of 1,180 cloud apps¹, with many of those organizations securing their apps through cloud access security brokers CASB. The organizational need for a CASB has grown alongside the use of cloud apps to enable remote work and greater user productivity. When security...

A better cloud access security broker: Securing your SaaS cloud apps and services with Microsoft Cloud App Security

Today’s business uses an average of 1,180 cloud apps¹, with many of those organizations securing their apps through cloud access security brokers CASB. The organizational need for a CASB has grown alongside the use of cloud apps to enable remote work and greater user productivity. When security...

Unified SaaS Application Security, Detection, and Response

Organizations are rapidly embracing Software as a Service SaaS applications for scalability, ease & flexibility of use, and the benefits of not using their own infrastructure. To maintain their focus on business objectives during the new ‘remote workforce normalcy’, organizations have fast-tracke...

Gartner names Microsoft a Leader in the 2020 Magic Quadrant for Cloud Access Security Brokers

The past few months have changed the way we work in many ways, working from home, social distancing, and remote operations have all had impacts on our previously known ways of life. At Microsoft, we have been working hard to assist our customers adjust to this rapidly changing and evolving work...

How to Safeguard Data When the Majority of Your Workforce is Remote

Before our current situation, you and your teams may have implemented a comprehensive data protection plan. The scope of change businesses are currently facing is something none of us could have predicted. These changes will continue to impact how we work in the future. How can you be sure your...

Shadow IT: Why It’s Still a Major Risk in Today’s Environments

Shadow IT is nothing new. Employees have long adopted software applications or cloud services without the knowledge or approval of their organization’s IT department, most often in search of easier ways to get their jobs done. People typically utilize unsanctioned apps not because they’re seeking...

Microsoft Security—a Leader in 5 Gartner Magic Quadrants

Gartner has named Microsoft Security a Leader in five Magic Quadrants. This is exciting news that we believe speaks to the breadth and depth of our security offerings. Gartner places vendors as Leaders who demonstrate balanced progress and effort in all execution and vision categories. This means...

Microsoft Cloud Security solutions provide comprehensive cross-cloud protection

The infrastructure, data, and apps built and run in the cloud are the foundational building blocks for a modern business. No matter where you are in your cloud journey, you likely utilize every layer of the cloud—from infrastructure as a service IaaS to platform as a service PaaS to software as a...