Securing software-as-a-service (SaaS) apps is hard. The standard cybersecurity controls are not designed for SaaS.

The difficulty is that the software doesn’t belong to the user and usually runs on somebody else’s infrastructure. Standard cybersecurity products are designed to operate on software owned by the user and housed on the user’s infrastructure.

SaaS providers attempt to maintain security inside their apps, but they cannot control how those apps are used. Usage varies from user to user and is fundamentally governed by how the app is configured. This configuration is the only native security available to SaaS users, and misconfiguration is the primary and most common source of insecurity.

“The legal team might be using one (or more) SaaS apps, HR, financial and engineering something else – everyone across the company is using different tools, perhaps 100 different tools,” suggests Melissa Ruzzi, senior director of AI at AppOmni. Each one will have a different configuration, generally set by the user. “That’s what makes SaaS so interesting,” she continues (probably including ‘interesting’ in the purported ‘Chinese sense’), “because the configuration is where all the security actually lies.”