Data Leaks in SaaS Security

What are Data Leaks in SaaS?

Data leaks refer to unauthorized exposure of sensitive information. In a SaaS setting, these are data exposures emanating from a SaaS application. Data leaks can result in the compromise of personal, financial, or business-critical information. While some define data leaks as unintentional, the term is used interchangeably with data breaches.

What types of SaaS applications are susceptible to data leaks?

Any application that handles sensitive data is susceptible to data leaks. For example:

CRM Systems

Potential leaks can include customer contact details, sales data, and transaction history. Applications in this category include Salesforce.

Communication Tools

Potential leaks include internal communications, shared files, and project details. Applications in this category include Zoom, Microsoft Teams, and Slack.

Project Management Software

Potential leaks include project plans, timelines, and resource allocations. Monday and Asana are applications in this category.

Enterprise Resource Planning

Potential leaks include financial data, supply chain info, and employee records. Applications in this category include SAP and ServiceNow.

File Storage Services

Potential leaks include business documents and confidential information. Applications include Dropbox, Google Drive, and SharePoint.

Marketing Automation Platforms

Potential leaks include customer profiles, campaign data, and analytics. Applications include HubSpot and Google Ads.

HR and Payroll Services

Potential leaks include employee personal data and salary information. Applications include Workday and HiBob.

How do Data Leaks Occur in SaaS Applications?

Data leaks from SaaS applications are unintentional and occur without threat actor involvement. They typically come from one of three places – misconfigured settings, weak access controls, and user error. 

When applications are poorly configured, they can lead to unintended exposures. For example, when sharing a document or file, most SaaS applications have two options: 

  • Share with a specific user
  • Share with anyone with the link

Sharing with a specific user requires that user to authenticate in some way, while sharing with anyone with the link makes the file available to anyone who has the link. If that link is exposed, the data is accessible.

Weak access controls also lead to data leaks. Most applications have access control configurations that allow dashboards, repositories, and workspaces to be shared publicly. These configurations can lead to massive data leaks.

User error is another primary cause of data leaks. App admins who don’t understand the implications of the different configurations make mistakes and inadvertently share files and databases with the public.

How Can Organizations Prevent Data Leaks from their SaaS Applications?

Preventing data leaks in SaaS applications requires implementing several key measures. Regular security audits through a SaaS Security Posture Management (SSPM) tool are essential for continuously monitoring and assessing security configurations to identify and address vulnerabilities. These tools provide real-time insights and automated checks, ensuring that security policies are up-to-date and effective.

Identity Threat Detection and Response (ITDR) systems are crucial for identifying and mitigating threats related to user identities, such as detecting unusual login patterns and user behavior and responding swiftly to potential breaches.

Multi-factor authentication should be enforced together with strong password policies that guide employees to create complex, unique passwords. These combined efforts create a robust security framework that significantly reduces the risk of data leaks in SaaS environments.

Employee training is another critical component, focusing on areas such as recognizing phishing attempts, adhering to security protocols, and understanding the importance of data protection. Educating employees about the latest security threats and best practices ensures a security-conscious culture within the organization. 

What is the Difference Between a Data Leak and a Data Breach?

While some define data leaks as unintentional data loss and data breaches as unauthorized access, these terms are often used interchangeably. Reports often use each term to describe any data exposure.

Can Data Leaks Come From GenAI?

One of the concerns organizations have with using GenAI with their SaaS applications is that it will use and share unauthorized data in reports, proposals, and other collateral materials. It is of paramount importance to prevent GenAI tools, like Salesforce Copilot, from accessing confidential data.

What is an Example of a Data Leak?

In May, threat actors announced that they had stolen over half a billion customer records from Snowflake. Records include names, email addresses, physical addresses, and partial credit card numbers.

Last year, a misconfiguration in Salesforce Communities led financial services companies and healthcare providers to leak data. Guests on various sites were able to view records that contained social security numbers and financial information.

How Can Organizations Prevent Data Leaks From Occurring?

There are several ways to prevent data leaks. Using an SSPM, organizations can find and remediate misconfigurations that expose data to the public.

It is worth noting that remediation will not always secure data that has already been publicly exposed. For example, if a setting allows all workspaces to be made publicly available, changing that setting will prevent future workspaces from being available, but may not change the settings of existing workspaces. Those may require manual interventions.

Leading SSPMs also include data inventories, which list all documents and files that have been shared. Using this data and a SIEM, organizations can review the files and automatically change the permissions on the individual files.
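The per-item review described above can be sketched as follows. This is an added example, not code from any SSPM product: the inventory schema, the label names, and the action names are all hypothetical, and the sample records are constructed. It shows why existing items must be checked individually: each record carries its own sharing mode, which a tenant-wide default does not rewrite.

```python
import json

# Constructed sample of a data-inventory export. Field names and values are
# hypothetical and do not come from a specific SSPM or SaaS application.
INVENTORY_JSON = """
[
 {"id": "f1", "name": "q3-payroll.xlsx", "sharing": "anyone_with_link",
  "owner": "hr@example.com", "labels": ["pii"]},
 {"id": "f2", "name": "roadmap.pdf", "sharing": "specific_users",
  "owner": "pm@example.com", "labels": []},
 {"id": "f3", "name": "press-kit.zip", "sharing": "anyone_with_link",
  "owner": "mkt@example.com", "labels": []},
 {"id": "w1", "name": "sales-dashboard", "sharing": "public",
  "owner": "ops@example.com", "labels": ["financial"]}
]
"""

PUBLIC_MODES = {"anyone_with_link", "public"}   # reachable without authentication
SENSITIVE_LABELS = {"pii", "financial"}         # assumed classification labels


def load_inventory(raw=INVENTORY_JSON):
    return json.loads(raw)


def exposed_items(inventory):
    """Items whose own sharing mode is public, whatever the tenant default is now."""
    return [item for item in inventory if item["sharing"] in PUBLIC_MODES]


def remediation_plan(inventory):
    """One action per exposed item; sensitive items are restricted first."""
    plan = []
    for item in exposed_items(inventory):
        sensitive = bool(SENSITIVE_LABELS & set(item["labels"]))
        plan.append({
            "id": item["id"],
            "name": item["name"],
            # Assumption: sensitive items are locked down automatically,
            # everything else goes to the owner for review.
            "action": "restrict_to_specific_users" if sensitive else "review_with_owner",
            "notify": item["owner"],
            "priority": "high" if sensitive else "normal",
        })
    # Stable sort: high-priority items first, original order otherwise.
    return sorted(plan, key=lambda p: p["priority"] != "high")


if __name__ == "__main__":
    for step in remediation_plan(load_inventory()):
        print(step["priority"], step["action"], step["name"], "->", step["notify"])
```

In practice the resulting plan would be forwarded to a SIEM or ticketing workflow, and the permission change itself would go through the SaaS application's own administration interface.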