“Most teams have far more integrations than they realize, and many retain broad privileges long after the original business need,” he pointed out.
“In parallel, we should raise the security bar for any SaaS vendor we rely on, [with] clear requirements around token security, logging, incident response, and secure integration patterns, and make sure our own tenant configurations and monitoring are hardened so integration activity is least-privilege, observable, and quickly containable when something upstream is compromised,” Michal added.
Grimes said that users can be educated to check how many devices are authorized to access their Microsoft, Google, and other login accounts. They should also be continually warned to be suspicious of email links that go to a login page.

