- JPMorganChase's open letter calls for urgent, industry-wide action on SaaS risks
- Third-party SaaS models expose critical infrastructure to cascading cybersecurity threats
- Companies rely on unsecured integrations that collapse the trust boundaries between systems
JPMorganChase, the largest bank in the world, has warned of the dangers of SaaS technology used by organizations around the world every day.
Writing in an open letter, CISO Patrick Opet underlined growing concerns that the speed of SaaS adoption has outpaced the development of security.
In particular, Opet noted that suppliers have prioritized the rapid delivery of features over secure architecture, creating systemic vulnerabilities throughout the software supply chain.
A call to arms
“An AI-focused calendar optimization service integrating directly into corporate messaging systems via ‘read-only roles’ and ‘authentication tokens’ can undoubtedly stimulate productivity when operating properly,” said Opet.
“However, if compromised, this direct integration grants attackers unprecedented access to confidential data and internal critical communications.”
Opet went on to warn that thousands of organizations are now embedded in ecosystems that depend heavily on a small group of service providers, so if one is compromised, the ripple effects could be devastating.
“Modern integration models dismantle these essential limits, relying heavily on modern identity protocols (for example, OAuth) to create direct, often uncontrolled interactions between third-party services and companies' sensitive internal resources,” said Opet.
“In practice, these integration models collapse authentication (identity verification) and authorization (granting authorizations) into overly simplified interactions, effectively creating single-factor explicit trust between internet systems and private internal resources. This architectural regression undermines fundamental security principles that have proven durability.”
JPMorganChase has already experienced a number of third-party breaches in the past three years, requiring rapid action to isolate compromised partners and mitigate threats. These incidents highlighted the risks of highly connected third-party ecosystems.
“Fierce competition between software providers has led to the prioritization of rapid feature development over robust security,” wrote Opet.
“This often results in rushed product releases without comprehensive security built in or enabled by default, creating repeated opportunities for attackers to exploit weaknesses. The pursuit of market share at the expense of security exposes entire customer ecosystems to significant risk and will result in an unsustainable situation for the economic system.”
He also cited new threats emerging from token theft, opaque fourth-party dependencies and privileged access without sufficient transparency.
“The most effective way to start the change is to reject these integration models without better solutions,” concluded Opet. “I hope you will join me in recognizing this challenge and responding decisively, collaboratively and immediately.”