SAAS SECURITY
CONTINUED
well as helping them interrogate the SaaS vendors they use,” he says. “Their own DevSecOps are critical to avoid becoming part of the problem. CVEs spread through the software supply chain have a mass effect across many organisations. Strong DevSecOps delivering secure products is the foundation for the whole SaaS ecosystem.” Sebastian agrees that education is key. “Vendors, MSPs and channel partners need to get on the same page when it comes to understanding the current and evolving cybersecurity threats. This should go beyond the traditional ‘training’ of how to use a particular tech stack but giving partners and customers the whole picture of the cybersecurity landscape. This could include tutorials on how to spot weak links in your system, how to spot potential threats or masterclasses on new and evolving cyber threats. The times are changing and the IT channel has to get on board, otherwise, it risks not only cyberattacks, but also monetary and reputational damage.” Future Akhil says that SaaS security is moving toward self-healing systems that use machine learning to detect and respond to threats automatically, reducing the need for human intervention. “Stricter regulations are also driving stronger compliance, pushing providers and customers to strengthen their defenses,” he says. “We will see a focus on proactive measures with real-time monitoring and built-in resilience.” Glen Williams, CEO of Cyberfort, adds that customer demand will influence how the market develops. “Increasing numbers of customers rate security as a significant reason why they choose a SaaS solution, and the days of uncontrolled SaaS driven entirely by the line of business appear to be fading,” he says. “The future will consist of increased due diligence and automatic
evidencing as part of the sales process, further integrations with identity and security monitoring solutions and better ‘out of the box’ security configurations. As more enterprises either expand security team remits to cover SaaS or create new teams for application security, these requirements will continue to develop as ‘table stakes’ for SaaS providers.” Pieter says that eventually, AI and automation will help defenders identify and respond to cyber threats quickly. “By analysing patterns and behaviours, AI-driven systems can detect anomalies, flag potential attacks, and even initiate automated responses to contain breaches,” he says. “For now, there are things everyone can do better to help when they are attacked. These include detecting anomalies in your operations which require understanding your baselines, having a better understanding of your data, and the history of that data. This is important because AI will make maintaining integrity and availability more challenging. Everyone needs to be more honest about what their systems can do, and every business has a responsibility to make sure their data is not tampered with and can be trusted.” Ian adds that there will need to be continuous adaptation to new threats. “As businesses adopt hybrid cloud models, security solutions must evolve to protect networks across diverse environments,” he says. “The complexity of networks in a hybrid cloud approach increases the risk of weak spots, creating new opportunities for cybercriminals. Data flow between public and private clouds can create vulnerabilities, giving attackers access to sensitive data. “Businesses must stay proactive, ensuring their security evolves with technology to safeguard their SaaS infrastructure and protect against future threats.”
Randall Degges head of developer and community
snyk.io
“
By analysing patterns and behaviours, AI-
driven systems can detect anomalies, flag potential attacks, and even initiate automated responses to contain breaches.
”
Glen Williams ceo
cyberfortgroup.com
30
Powered by FlippingBook