2022 Cyber Predictions: Risk of SaaS Applications Being Compromised

This is part of our 2022 cybersecurity predictions series.


Kevin Dunne, President of Pathlock, shared his insights on Zero Trust, privacy laws and regulation, and the cloud.

Zero Trust


“In 2022, Zero Trust will shift from a nice-to-have to a need-to-have item on every CISO’s agenda. The federal government has already mandated that all agencies employ a Zero Trust approach, and agencies are moving quickly to put these safeguards in place. However, today’s approach to Zero Trust is mostly an application of Least Privileged Access, and a rudimentary one at that. Organizations are providing what they believe to be the least amount of privileges required, but they are not monitoring after the fact to see what is actually used and removing what is not used. Monitoring of entitlement usage at the transaction level will be a critical capability for ensuring that Least Privileged Access is a reality and not simply an assumption.”

Privacy laws/regulation


“In 2022, we will continue to see jurisdictions pass further privacy laws to catch up with states like California, Colorado, and Virginia that have recently passed bills of their own. As companies look to navigate the sea of privacy regulations, there will be an increasing need to be able to provide a real-time, comprehensive view of what data is being processed and stored, who can access it, and most importantly who has accessed it and when. As the number of distinct regulations continues to grow, the pressure on organizations to put in place automated, proactive data governance will increase.”

Cloud


“Cloud adoption will continue to accelerate in 2022. As the post-pandemic dust settles, organizations will realize that cloud investments drive better company performance, agility, and resiliency regardless of work-from-home or in-office culture going forward. While much of the focus is placed on lifting and shifting in-house built applications to the cloud, the majority of cloud transformation is being unlocked through SaaS adoption. In today’s world, there is an application for everything, and most of those applications live in the cloud. The number of integrations and connections between SaaS applications in the enterprise is exploding. The risk will increasingly be of compromise to one of these SaaS applications or to one of the transport mechanisms between applications. Therefore, additional focus and emphasis should be on understanding what applications exist, and securing communication between these applications.”

