Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
Member Portal
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
Member Portal
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Missed CSA’s Cyber Monday sale? Contact [email protected] to see if you qualify for a raincheck!

Lifecycle Management in SaaS Security: Navigating the Challenges and Risks

Published 12/04/2024

Home
Industry Insights
Lifecycle Management in SaaS Security: Navigating the Challenges and Risks

Originally published by Valence Security.

Written by Jason Silberman.


The rapid rise of Software-as-a-Service (SaaS) has transformed business operations, offering unprecedented flexibility and scalability. However, this shift brings its own set of security challenges, particularly when it comes to managing the lifecycle of SaaS applications and their associated resources such as identities. Effective lifecycle management is crucial in safeguarding against threats and ensuring that security measures keep pace with the evolving landscape of SaaS.

This blog post delves into the key challenges of account deprovisioning, dormant SaaS-to-SaaS integrations and non-human identities, and unused but still available external data shares.


The Importance of Lifecycle Management in SaaS Security

Lifecycle management encompasses the entire span of an application's existence, from initial deployment to eventual decommissioning. In the context of SaaS security, it involves managing user access, integrations, and data sharing throughout their lifecycle. Poor lifecycle management can leave organizations exposed to significant security risks, including unauthorized access, data breaches, and compliance violations.

A recent Gartner report stresses that lifecycle management in SaaS security simply cannot be ignored. Industry experts are increasingly emphasizing the critical nature of addressing lifecycle management comprehensively to prevent security gaps.


Challenges in SaaS Security Lifecycle Management

1. Account Deprovisioning and Offboarding

One of the most critical aspects of SaaS lifecycle management is timely account deprovisioning. The infamous 2020 Drizly data breach, where an attacker exploited an un-revoked GitHub account intended to be granted for one-day access from a 2018 hackathon, serves as a stark reminder of the consequences of lax offboarding practices. When employees or contractors leave an organization, their access to SaaS applications must be promptly revoked to prevent potential misuse. Despite the availability of automated offboarding processes, gaps often persist, and just offboarding from the corporate SSO is typically insufficient due to direct local access granted in SaaS applications.

According to the 2024 State of SaaS Security report, 93% of security teams claim to have automated processes for offboarding ex-employees and contractors. However, data reveals a different reality: In platforms like Google Workspace, about 6% of accounts remain inactive without any recent logins, and 4% of these have admin privileges. This creates a window of opportunity for attackers to exploit dormant accounts.

A significant challenge in this area is managing "Shadow IAM," which refers to unmanaged or local accounts that are not linked to the company's Single Sign-On (SSO) system or identity provider (IdP). When users create accounts directly within SaaS applications without going through SSO, these accounts can remain unmanaged if the IT team focuses only on accounts tied to the corporate IdP. Consequently, when an employee is offboarded, their SSO-linked accounts may be deactivated, but these unmanaged, local accounts can be left untouched. This oversight can create security risks, as these accounts, which may retain access privileges, remain active and unmonitored.


2. Inactive Non-Human Identities

Non-human identities, such as service accounts and API keys, play a vital role in integrating various SaaS applications. However, inactive or unused non-human identities can pose serious security risks. The 2024 State of SaaS Security report highlights that 65% of integrations in platforms like Microsoft 365 are inactive but still hold valid API keys or OAuth tokens. These forgotten integrations often become entry points for attackers.

In the Cloudflare breach publicized in February 2024, attackers exploited overlooked service tokens and accounts that were compromised during a previous Okta breach. Despite rotating more than 5,000 production credentials and performing an in-depth forensic analysis, the Cloudflare security team missed one service token and three service accounts that were presumed to be unused. This oversight, involving only four out of 5,000+ credentials, ultimately contributed to the breach, illustrating that every credential counts in maintaining security.

Similarly, the Microsoft Midnight Blizzard attack further exemplifies the risks associated with unmanaged non-human identities. Among the numerous attack vectors, attackers exploited a legacy test OAuth application—a non-human identity—that had full access to Microsoft’s corporate production Microsoft 365 tenant, including the ability to read emails. This demonstrates how even outdated or seemingly benign non-human identities can become significant security liabilities if not properly managed.

Inactive integrations often result from failed Proofs of Concept (PoCs). When organizations trial new SaaS solutions, they grant temporary access which, if not properly decommissioned, can leave lingering vulnerabilities. Managing and auditing these integrations is crucial to prevent unauthorized access and potential breaches.

Additionally, some security teams might offboard a SaaS user or former employee but fail to disable OAuth tokens or third-party integrations set up by the user. These overlooked integrations can continue to provide access, posing significant security risks if not properly addressed.


3. Inactive and Unused External Data Shares

External data sharing is a common feature in SaaS applications, enabling collaboration and information exchange. However, it also presents risks if not managed properly. We all have shared files, folders, and recordings, but rarely do we ever “unshare that file” beyond the time it’s needed. The 2024 State of SaaS Security report reveals that a staggering 94% of external data shares are inactive, with no recent access by external users. Additionally, 22% of these shares utilize open links, exposing sensitive information to anyone with the link.

Inactive external shares can pose significant security risks. For instance, a misconfigured Google Drive folder exposed personal data of nearly one million individuals. Ensuring that external data shares are regularly reviewed and deactivated when no longer needed is crucial for maintaining data security.

Data SecurityIdentity and Access ManagementSaaS Governance

Share this content on your favorite social network today!

Core Cloud
Related Resources
Top Threats to Cloud Computing
The eleven salient threats, risks, and vulnerabilities in the cloud.
Certificate of Cloud Security Knowledge (CCSK)
The industry's standard cloud security credential.
Corporate Membership
Gain knowledge and connections in the cloud industry.
Latest from CSA
Explore Benefits of CSA Corporate Membership
Map the Transaction Flows for Zero Trust
Register for the Virtual AI Summit 2025
Enhance your cloud security skills with CSA's online training options.
Related Articles:
Upcoming CPPA Meeting and Proposed Data Broker Rulemaking Made Public

Published: 12/04/2024

Phishing Attacks on State and Local Governments Surge 360%

Published: 12/04/2024

What 2024’s SaaS Breaches Mean for 2025 Cybersecurity

Published: 12/03/2024

Legacy MFT Solutions Might Not Look Broken, But They Are

Published: 12/03/2024