Nixon Peabody LLP

  • People
  • Capabilities
  • Insights
  • About

Trending Topics

    • People
    • Capabilities
    • Insights
    • About
    • Locations
    • Events
    • Careers
    • Alumni

    Practices

    View All

    • Affordable Housing
    • Community Development Finance
    • Corporate & Finance
    • Cybersecurity & Privacy
    • Environmental
    • Franchising & Distribution
    • Government Investigations & White Collar Defense
    • Healthcare
    • Intellectual Property
    • International Services
    • Labor & Employment
    • Litigation
    • Private Wealth & Advisory
    • Project Finance
    • Public Finance
    • Real Estate
    • Regulatory & Government Relations

    Industries

    View All

    • Cannabis
    • Consumer
    • Energy
    • Entertainment
    • Financial Services
    • Healthcare
    • Higher Education
    • Infrastructure
    • Manufacturing
    • Non Profit
    • Real Estate
    • Technology

    Value-Added Services

    View All

    • Alternative Fee Arrangements

      Developing innovative pricing structures and alternative fee agreement models that deliver additional value for our clients.

    • Continuing Education

      Advancing professional knowledge and offering credits for attorneys, staff and other professionals.

    • Crisis Advisory

      Helping clients respond correctly when a crisis occurs.

    • DEI Strategic Services

      Providing our clients with legal, strategic, and practical advice to make transformational changes in their organizations.

    • eDiscovery

      Leveraging law and technology to deliver sound solutions.

    • Global Services

      Delivering seamless service through partnerships across the globe.

    • Innovation

      Leveraging leading-edge technology to guide change and create seamless, collaborative experiences for clients and attorneys.

    • IPED

      Industry-leading conferences focused on affordable housing, tax credits, and more.

    • Legal Project Management

      Providing actionable information to support strategic decision-making.

    • Legally Green

      Teaming with clients to advance sustainable projects, mitigate the effects of climate change, and protect our planet.

    • Nixon Peabody Trust Company

      Offering a range of investment management and fiduciary services.

    • NP Capital Connector

      Bringing together companies and investors for tomorrow’s new deals.

    • NP Second Opinion

      Offering fresh insights on cases that are delayed, over budget, or off-target from the desired resolution.

    • NP Trial

      Courtroom-ready lawyers who can resolve disputes early on clients’ terms or prevail at trial before a judge or jury.

    • Social Impact

      Creating positive impact in our communities through increasing equity, access, and opportunity.

    1. Home
    2. Insights
    3. Articles
    4. SaaS users need to implement adequate configuration checks and controls to avoid security breachesArticles

    Article

    SaaS users need to implement adequate configuration checks and controls to avoid security breaches

    March 15, 2022

    Share

    By Andrew Share

    As recently reported by AppOmni, a SaaS security provider, 70% of the ServiceNow instances that AppOmni tested showed a configuration error in the ServiceNow SaaS platform that left sensitive data (including personally identifiable information) accessible to unauthorized users on the Internet.

    As recently reported by AppOmni, a SaaS security provider, 70% of the ServiceNow instances that AppOmni tested showed a configuration error in the ServiceNow SaaS platform that left sensitive data (including personally identifiable information) accessible to unauthorized users on the Internet.

    These types of errors are not limited to the ServiceNow platform.  As AppOmni explained in its press release, similar types of misconfigurations are common across many SaaS platforms "due to the complexity that inevitably comes with high levels of SaaS functionality, flexibility, and extensibility."

    This latest finding highlights the need for both SaaS providers and their users to increase the level of scrutiny given to the security of all SaaS applications. Security is not simply the SaaS provider's responsibility; robust end-to-end security requires diligence and cooperation from both parties. As highlighted in the AppOmni report, the ServiceNow misconfigurations are not the result of a software flaw or a bug providing access to unauthorized users. Rather, the configurations were either erroneously created by users or approved by users and provided access to sensitive data that surely no user intended or had expected. Had end users undertaken a configuration assessment, for example, it is reasonable to expect that the percentage of recently discovered misconfigurations would be lower.

    While the use of SaaS and other cloud-based services was prevalent well before COVID-19, businesses' increased reliance on cloud-based services during and post-pandemic has increased the complexity of needed security protocols and the potential severity of security breaches. Accordingly, companies must factor the necessary time to properly configure their SaaS applications (and test and periodically retest those configurations) into their project plans to develop an adequate security plan and reduce exposure. And—considering that most companies using SaaS resources use more than one—it is obvious that the time and resources needed by a company to ensure a fighting chance against a data breach can grow exponentially. Nonetheless, it is simply a necessary step for SaaS users at this point.

    CybersecurityCybersecurityPrivacy

    Practices

    Cybersecurity & Privacy

    Subscribe to stay informed of the latest legal news, alerts, and business trends.Subscribe

    • People
    • Capabilities
    • Insights
    • About
    • Locations
    • Events
    • Careers
    • Alumni
    • © 2023 Nixon Peabody. All rights reserved
    • Privacy Policy
    • Terms of Use
    • Statement of Client Rights
    • Supplier Diversity Program
    • Nixon Peabody International LLC
    • PAL