Enterprises today heavily rely on Software as a Service (SaaS) applications, with larger organizations using an average of 371 apps, representing a 32% increase from the previous year (estimate). The challenge lies in the fact that these apps are often scattered across different departments, lacking oversight and clarity on usage. Additionally, misconfigurations in these apps can lead to serious security issues.
“SaaS applications today are so complex, you almost need a dedicated expert in each one to secure them,” explains Joseph Thacker, the principal AI engineer at AppOmni, a leading SaaS Security Posture Management (SSPM) provider. He adds, “No organizations have that type of expertise, so you end up with overworked security teams trying to go in and understand all the security settings.”
In response to these challenges, AppOmni has introduced AskOmni, a new AI-powered SaaS security assistant. This innovative tool allows users to ask critical security questions, and the system will provide plain language answers with important data and remediation steps.
The Importance of SaaS Security
Thacker emphasizes that enterprises must prioritize SaaS security, as it is where their core intellectual property and sensitive data reside. He notes that organizations and security teams need to adjust their mindsets when it comes to SaaS, as threat actors can directly access data instead of targeting devices or frameworks, creating a whole new ecosystem of security risks.
The challenge lies in the sprawling nature of SaaS applications and the overwhelming number of security findings and alerts that organizations face. Thacker compares this situation to shadow IT, stating, “It’s shadow IT all over again, AI is the new shadow IT.” The constant changes pushed by platforms like Salesforce and Microsoft 365 further complicate the situation, making it difficult for security teams to keep up.
Thacker adds, “Where do you start? You’ve got complexity, a step below that you have a security team that doesn’t even know what’s in the wild and being used by your staff. How can you keep up?” He also acknowledges that while many alerts may seem overwhelming, a majority of them are just noise, with only a few posing actual security risks.
The Role of AskOmni in SaaS Security
To address these challenges, AskOmni leverages generative AI and natural language queries to assist with common SaaS security decisions. Users can ask the system questions about their SaaS apps and AppOmni’s security capabilities, and the user-friendly platform will analyze contextual information, aggregate data points, identify issues, and assess risks.
AskOmni aims to simplify the remediation process by providing plain language alerts for critical issues and guiding users through the necessary steps. The tool also integrates relevant findings on alerts to provide context and can even surface attack chains. Going forward, it can notify administrators about privilege overprovisioning issues and new threats, providing detailed explanations and recommended remediation steps.
Thacker highlights one of the key features of AskOmni, saying, “If I want to secure ‘X’ environment, how can I do that in AppOmni?” The system will utilize contextual information on how AppOmni secures specific applications, pulling from documentation or interacting with other platforms like Azure Active Directory to generate customized remediation advice and scripts.
While AskOmni is still in its early stages, the long-term goal is to expand its capabilities and handle more complex inquiries. Thacker envisions the system being able to tackle questions like, “What should I remediate first?” or “This user was just let go, what SaaS apps did he use and how do I secure those?” Ultimately, AppOmni aims to create an all-encompassing platform that provides comprehensive security insights.
Thacker concludes by emphasizing that AI has incredible potential and will revolutionize various industries. He notes that AI capabilities are continuously improving and becoming more accessible. He states, “We’re barely scratching the surface of what’s possible for AI,” and urges people not to focus on what AI can’t do but rather explore how it can be enhanced with context, examples, and additional tools to overcome its limitations.
