In recent weeks, we've seen another wave of high-profile security incidents at SaaS providers in IT infrastructure, security, and developer spaces. CircleCI and LastPass are the latest to join a growing list of companies (Okta, Twilio, Mailgun) in these spaces that have been the target of recent attacks.

These types of SaaS services are used to build, deliver, and secure other SaaS services. Along with IaaS and PaaS, they create the foundation for our modern SaaS economy. So, when one experiences a data breach, it can create a ripple effect of risk across the entire SaaS supply chain. When this happens, risk management leaders need to quickly assess the potential impact to their organizations.

SaaS supply chains are dynamic, and conventional SBOMs no longer reflect the reality of what underlying services your vendors are using at any given moment. What’s more, SaaS providers in IT infrastructure, security, and developer spaces are making it increasingly easy for individual users to get started with “freemium” accounts. This makes it a challenge to even keep track of what SaaS services your own employees are introducing into the organization, and even the CI/CD. This leads to too many wild goose chases in the aftermath of a SaaS provider breach.

For example, if you woke up to the news of the recent CircleCI security incident and wanted to assess your impact, your process might have looked something like this:

1. Check your system of record (that one spreadsheet you maintain) to see if CircleCI is one of your official suppliers.
2. Double check by sending this email or chat message to your security, dev, or IT org (or maybe all): “Hey, do you know if anyone is using CircleCI?”.
3. Sift through the non-helpful responses pontificating on the relative value of the service to find some leads: “Maybe check with Maria. I think she was looking at it a while back.”