Breakpoint Security Podcast

#S02EP09 | Controlling your SaaS Sprawl with a SaaS Security Platform | Abhishek Anand

Abhishek | br3akp0int Season 2 Episode 9

Just as cloud is omnipresent in 2023, SaaS sprawl is just as prevalent. On average, a company uses 110 SaaS apps, and broadly 70% of the software being run is SaaS, with issues even more severe at the enterprise level.

SaaS security today is thought of as an IAM problem solved with an SSO integration, but the issues go beyond that: misconfigurations leading to leaked data, insecure SaaS plugins opening up new threat vectors, and the way your services talk to other SaaS apps.

A lot of cloud security issues can be solved in orgs with good engineering practices, but SaaS security is harder because users are spread across the organization and each tool has its own nuances, so IT/security teams find it hard to manage well. The general practice of allowing users to bring their own plugins and their own ways of using SaaS apps is what creates security issues.
In this episode, we dive deep into SSP implementations for organisations.

Guest: Abhishek Anand, Co-Founder, Koala Lab

Abhishek is a technology leader who built Housingdotcom as CTO and most recently built cloud infra at Whitehat Jr, where he led the platform and SRE teams. Over the course of his career, he has solved varied security problems and is currently building KoalaLab, inspired by his time building and securing infrastructure for these fast-growing companies.

Recommended reading/viewing for practitioners:

  1. SaaS Sprawl: https://www.zippia.com/advice/saas-industry-statistics
    1. 38% of companies run almost entirely on SaaS
    2. As of 2021, an average of 110 SaaS apps are used per organization.
    3. Approximately 70% of total company software use is SaaS as of 2022. However, this number has the potential to reach up to 85% by 2025, indicating that SaaS as software will only continue to become more popular.
  2. Salesforce leak of data: https://krebsonsecurity.com/2023/04/many-public-salesforce-sites-are-leaking-private-data/
  3. Google Drive leaks: https://ny.chalkbeat.org/2021/8/5/22612388/data-breach-nyc-students-staff-google-drive
  4. Case: https://www.wired.co.uk/article/nhs-covid-19-app-health-status-future
  5. TL;DR: https://tldrsec.com/ - Good newsletter covering a lot of security research
  6. SSP Coverage Reference: https://www.koalalab.com/saas-security


I would love to hear your suggestions and feedback; please DM me. If you liked this episode, please share it with others in the community. It always means a lot!

If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; check out my handles below:

  • Twitter: @NeeluTripathy
  • LinkedIn: neelutripathy
