Hiding in plain sight: What’s hiding behind your 3rd party SaaS

With the evolution of Supply Chain, the threats have become more real and advanced for traditional supply chain programs to cover. Newer technologies like SaaS which has dependencies on 4th party suppliers like cloud providers cannot be assessed the way how software has been assessed or a traditional supplier is assessed. The million dollar question here is, have we made the changes to our supply chain program to look beyond the obvious and are we doing mere due diligence?

The biggest challenge in Supply chain is understanding your footprint. No company can confidently say the number of 3rd party solutions being used. 3rd Party solutions, specifically SaaS solutions, are increasing 15% YoY in all companies and with shadow IT organizations, its hard to keep a track on the adoption rate.

Microsoft as a company is prone to the same challenges. However, the DSRE team in Microsoft IT came up with a unique solution to understand their overall exposure to 3rd party and then be able to manage risk appropriately. A company is only as secure as its weakest link. If an attacker can expose the weakest link then it will be able to breach the companies defenses. SaaS solutions presents a unique challenge in this situation because it is completely hosted out of a company’s environment and our present assessments are not up to date to handle the threats that could be exposed via SaaS solutions. For that purpose, the DSRE team utilized Microsoft Cloud App Security product to find, understand and manage the risk around 3rd party SaaS solutions. 

Hear directly from the DSRE team in Microsoft IT about the journey the team took to revamp the supply chain program, while creating a new risk-based framework and utilizing Microsoft Cloud App Security to protect the company against threats they would have never found out about.

Duration: 15:34
Publisher: Microsoft Cloud Platform
You can watch this video also at the source.