Brendan O’Connor, AppOmni: Work Environment Shift Leveraged By Attackers

By Gabriela Vatu / July 6, 2020

A veteran of the security industry, Brendan O'Connor has been a part of the crew at several big SaaS providers before founding his own company - AppOmni. Securing the technology we all use is a goal he works towards every day.

AppOmni is one of the leading providers of Cloud Security Posture Management for SaaS, providing data access visibility, management, and security.

O'Connor talked to us about AppOmni, how he started on this journey, and the risks we now face due to the Coronavirus pandemic and the changes in workplaces happening around the world. Read on to find out what he had to say.

TechNadu: AppOmni is one of the world's leading SaaS Cloud Security Posture Management (CSPM) solutions. What makes your offering one of the best in the world?

Brendan O’Connor: To properly secure and manage the use of critical SaaS applications, security, compliance, and IT teams require a comprehensive solution that enables immediate visibility, proactive posture monitoring, normalized event streams, and effective compliance tooling. AppOmni is the only SaaS CSPM solution available today that provides these teams with all of the tools they need to be successful. This includes security posture management, monitoring and detection, and continuous compliance.

The AppOmni team consists of experts in the SaaS and cybersecurity industry, bringing a unique perspective that addresses the practical needs of day-to-day operations with the latest cybersecurity techniques. Our team builds world-class security automation that is easy to use, impactful to our global customers, and meaningfully advances the security of their SaaS applications.

TechNadu: You're one of the company's co-founders. Tell us more about your journey, how you started AppOmni, and why you chose to do this.

Brendan O’Connor: AppOmni came directly from my experience leading security teams at two of the largest SaaS providers in the world - Salesforce and ServiceNow. As you can imagine, these companies were huge users of SaaS for mission-critical applications. As a CISO, my team had to ensure that the right security controls were in place across multiple applications and in many different environments. Managing external access and sharing, 3rd party applications, configurations, and role-based access control across all of these applications was a constant challenge. When I joined ServiceNow, I saw the same challenges. The underlying SaaS application is secure, but customers still need to manage access control, permissions, and configuration themselves. It’s incredibly difficult to do manually, which is why most security teams struggle with hardening and monitoring the SaaS applications their business relies on. I lived this problem. AppOmni is the security platform I wish I had when I was a CISO.

TechNadu: What are some of the biggest risks and challenges you see in securing working environments today?

Brendan O’Connor: Risk of misconfiguration is the most widespread problem. SaaS applications are incredibly powerful and integrate with a variety of APIs and data sources. That creates complexity. There are so many different configuration settings, and the control panels for these applications are all different. Security teams also need to assess and manage the configuration of these applications across multiple instances and environments. It is extremely time-consuming to track and manage this manually, which is why mistakes are made so often.

The other key challenge is third party applications. Users are connecting third-party cloud applications into their SaaS environments. These cloud-to-cloud connections are often missed by solutions that are based on traditional perimeter security architecture and go unaccounted for. In our experience, security teams are aware of less than half of the third-party apps that have API access to the company’s data.

TechNadu: What new issues have arisen from the COVID-19 changes forced upon us, namely working from home?

Brendan O’Connor: With the shift to remote work, many businesses made significant technology changes very rapidly. It's inconceivable that a technology shift that big, made that quickly, didn't create new avenues of exposure. So, we are seeing two factors contributing to increased risk.

First is the increased attack surface. Classic network defense strategy used the Castle approach - big walls and hardened perimeters, followed by a series of internal defenses around the most critical data. That approach works well when all of your data and users are inside the Castle. What happens when your applications and data are outside those walls? What if your users are no longer inside the Castle? That is the world we are living in today. The perimeter has been dissolving for quite some time; however, mass remote working has put an end to that. Security teams now need to defend an attack surface that includes remote employees and all of the cloud applications that are making remote work possible, much of which bypasses the enterprise network completely. The classic defense strategies of the past 20+ years are no longer effective.

The other is the impact. The impact of a successful attack has also significantly grown. When attackers were trying to penetrate corporate networks, security had chances to catch them as they moved through the network. Monitoring solutions were vital because the sooner you could detect an attacker inside your network, the better your chances of minimizing the damage from data theft. Instead of trying to pierce the corporate network to steal information, attackers are now targeting cloud services looking for misconfigurations or bad security hygiene. In such cases, the benefit of anywhere-access of cloud services can work in favor of the attackers.

TechNadu: AppOmni recently launched Enterprise Essentials, a tool to help companies protect their SaaS platforms as their employees work remotely. Tell us more about it and how it can help.

Brendan O’Connor: Enterprises are increasingly relying on SaaS for their day-to-day operations. Although this had been a growing trend, the rate of adoption has accelerated due to the shift to supporting remote workers. For this reason, the security of data in SaaS, as well as adherence to industry best practices, is ever more critical. With many organizations now housing their most sensitive data in the cloud, their risk of data loss, data privacy, and compliance issues has grown. Misconfigurations, overly broad data sharing, and APIs exposed to the outside world create doorways for attackers to get in.

Enterprise Essentials secures top SaaS applications enterprises depend on today for day-to-day operations for remote workers. The platform provides enterprises with an always-on dashboard that delivers visibility into the current state of their cloud/SaaS applications, deviations from their business intent, and a simple way to immediately verify the state of any application for both functional and security requirements. Deployment takes minutes and immediately integrates into existing workflows to provide actionable insight and visibility.

TechNadu: Are we seeing more cyber-attacks due to the diversification in the work environment in the past few months?

Brendan O’Connor: There has certainly been an increase in cyber-attacks trying to leverage the change in the work environment. Phishing emails aimed at gathering personal information under the guise of change in the work situation have been on the rise. My employees and I have noticed the increase first hand, and I’m sure most remote workers have seen this as well.

To support the shift to remote workers, many configuration changes were made quickly, and SaaS applications became more important than ever to company operations. With all of this change, it is a certainty that mistakes were made, and configuration errors have left the door open to attackers. We’ve already seen an increase in attacks and breaches in the past few months. I’m afraid there may be many more that have occurred, and we just haven’t heard about them yet.

TechNadu: What are some of the biggest security threats we are facing nowadays, and what are the attackers targeting?

Brendan O’Connor: Cyber attackers have always followed the data. The objective hasn’t changed, but the location of the data certainly has - away from the corporate environment and to the cloud. With some organizations supporting a 100% virtual workforce or very limited in-office workers, attackers have little incentive to target and infiltrate corporate networks. It's easier to target cloud services, which, by design, are meant to enable a wide range of access from any device and location.

Other areas attackers will surely target are the increasing number of cloud applications aimed at assisting enterprises to go back to work safely and resume operations. Such applications include features such as employee health-check, contact tracing, and other useful features. However, unlike hospitals, many organizations are not familiar with tracking such personal and private information. Lack of experience and expertise in handling such data can be just what the attackers are waiting for.

TechNadu: What's one of the most important lessons you've learned in your career?

Brendan O’Connor: Never confuse Progress with Motion. You can work up a sweat running on a treadmill, but you haven’t gone anywhere. Being busy is not the same as being productive. To make a difference, you must take purposeful action towards a goal - and continuously measure your progress towards that goal.
