- JPMorgan Chase open letter calls for urgent industry-wide action on SaaS risks
- Third-party SaaS models expose critical infrastructure to cascading cybersecurity threats
- Businesses depend on insecure integrations that collapse trust boundaries between systems
JPMorgan Chase, the largest bank in the world, has warned of the dangers of SaaS technology used by organizations around the world every single day.
In an open letter, CISO Patrick Opet outlined growing concern that the speed of SaaS adoption has outpaced security development.
In particular, the letter noted that suppliers have prioritized rapid feature delivery over secure architecture, creating systemic vulnerabilities across the software supply chain.
A call to arms
“An AI-driven calendar optimization service that is integrated directly into corporate email systems through ‘read-only roles’ and ‘authentication tokens’ can undoubtedly increase productivity when working properly,” the letter said.
“But if compromised, this direct integration gives attackers unprecedented access to confidential data and critical internal communications.”
The letter went on to warn that thousands of organizations are now embedded in ecosystems that depend heavily on a small group of service providers, so if one is compromised, the ripple effects could be devastating.
“Modern integration patterns dismantle these essential limits and are highly dependent on modern identity protocols (e.g. OAuth) to create direct, often uncontrolled interactions between third-party services and businesses’ sensitive internal resources,” Opet said.
“In practice, these integration models collapse authentication (verification of identity) and authorization (granting of permissions) into overly simplified interactions, effectively creating single-factor explicit trust between systems on the Internet and private internal resources. This architectural regression undermines basic security principles that have proven durability.”
JPMorgan Chase has already experienced a number of third-party breaches in the last three years, requiring rapid action to isolate compromised partners and mitigate threats. These incidents have underscored the risks associated with heavily interconnected third-party ecosystems.
“Fierce competition among software providers has driven the prioritization of rapid feature development over robust security,” Opet wrote.
“This often results in hasty product releases without extensive security built in or enabled by default, creating repeated opportunities for attackers to exploit weaknesses. The pursuit of market share at the expense of security exposes entire customer ecosystems to significant risk and will result in an unsustainable situation for the economic system.”
He also cited emerging threats arising from token theft, opaque fourth-party dependencies and privileged access without sufficient transparency.
“The most effective way to begin change is to reject these integration models without better solutions,” the letter concluded. “I hope you will join me in recognizing this challenge and responding decisively, collaboratively and immediately.”