Enhancing Proactive Security Across SaaS Applications 

Discover powerful strategies to secure SaaS apps, Microsoft 365, and AI tools like Copilot. Uncover how to safeguard your data and elevate cloud security.
Daniel Miller
3 min read
Last updated May 7, 2025

With the increasing reliance on cloud services, organizations must ensure their data is protected from potential threats. Varonis Threat Labs has been at the forefront of this effort, providing valuable insights and strategies to enhance cloud security. 

Understanding cloud threats 

Tal Peleg, a researcher at Varonis, identified various threats to cloud data, explained the shared responsibility model, and presented several vulnerabilities and techniques found in SaaS applications, including Salesforce, Okta, and Copilot, during a Cloud8 presentation.  

Cloud8 has played a role in advancing the understanding of risks and best practices for securing sensitive data in SaaS environments. By providing practical insights and tools, they help organizations adopt security frameworks that address their specific needs. Their work complements Varonis Threat Labs' efforts in promoting data protection strategies tailored to modern cloud-based systems. Watch the full presentation below.

 

This article will provide key takeaways from Tal's presentation, including how to detect and prevent these vulnerabilities and practical steps for securing data in environments like Microsoft 365 and SharePoint. 

Who's accountable for protecting data? 

In an on-premises environment, organizations are responsible for everything from the hardware to the software running on it, including data and compliance.  

However, when moving to an IaaS model, such as Azure, the cloud provider offers hardware and virtualization, while the organization manages virtual machines, networks, and operating systems. In a serverless environment, the cloud provider manages the operating system and runtime environment, but the organization still needs to ensure its software is secure and up to date. 

When using SaaS applications, the entire infrastructure is managed by the SaaS provider, but data security remains the organization's responsibility. Cloud vendors cannot know the organization's data or compliance needs, so it is crucial for the organization to manage and protect its data. This shared responsibility model is essential for understanding how to secure data in the cloud. 

Blog_SharedResponsibilityModel_Diagram_202402_V1

Traditional Shared Responsibility Model

Key questions to ask about data security 

To control their data, organizations need to answer several questions: 

  • Who can access data? 
  • Where is the data located? 
  • What data is stored, and should it be there? 
  • What does protecting the data entail? 
  • How can the data be accessed, and what can someone do with it? 

Answering these questions requires visibility into cloud services, understanding permissions, monitoring activities, and knowing the classification of the data. 

Uncovering vulnerabilities in SaaS applications 

In his Cloud8 presentation, Tal highlights critical SaaS vulnerabilities and how attackers exploit them, emphasizing the need for proactive measures to safeguard sensitive organizational data. These insights from Varonis Threat Labds are based on real-world examples and provide practical steps for enhancing cloud security. 

Salesforce Public Link Abuse 

Salesforce, a well-known CRM system, holds essential records like accounts, leads, users, contracts, and files. These files, often called content documents, can be shared through public links. Varonis discovered an alarming SQL injection vulnerability in the Salesforce API, which could let attackers steal sensitive data. This aligns with the shared responsibility model in cloud security. Providers handle infrastructure and network security, while organizations manage data, identities, and permissions. Tasks like addressing SaaS vulnerabilities and monitoring activities fall to organizations, ensuring comprehensive and proactive data security. 

To protect against these threats, organizations should follow the principle of least privileges, limit the creation of public links, use temporary access, and keep an eye on any unusual activities. 

Okta and Active Directory: 

Several companies use Okta and Active Directory for single sign-on, making access more straightforward. However, if an Active Directory agent is compromised, it could let malicious actors access the identity provider and move freely between on-premises and cloud environments.  

okta-2-1

To spot these attacks, organizations should check for inconsistencies between Active Directory and Okta authentication logs. Using strong authentication methods, following security best practices, and using temporary credentials can help reduce the risk of compromised credentials. 

Copilot blast radius exploitation 

Copilot, an advanced AI-powered productivity assistant, integrates seamlessly with Microsoft 365 platforms like SharePoint to revolutionize workflow efficiency. Leveraging natural language processing and machine learning algorithms, it simplifies complex tasks, accelerates data retrieval, and enhances collaboration.

However, as with any AI-driven tool, its capabilities pose potential risks, highlighting the importance of robust data governance and cybersecurity measures in mitigating vulnerabilities and securing sensitive information. 

Copilot can index SharePoint sites and reveal data to users, which can be misused by malicious actors or insider threats who ask Copilot for sensitive information. To minimize this blast radius, organizations should watch out for dangerous prompts, separate public and sensitive data, and apply attribute-based access controls. 

Get started with our world-famous Data Risk Assessment.
Get your assessment
inline-cp

Practical steps for securing data in SaaS applications 

Securing SaaS applications is essential for modern organizations that rely heavily on cloud-based tools for daily operations. A proactive approach includes implementing strong authentication methods, restricting unnecessary access, and continuously monitoring for anomalies. Additionally, it is critical to apply the principle of least privilege, enforce robust data-sharing policies, and regularly audit permissions to ensure sensitive information remains protected. With these strategies in mind, organizations can better safeguard their data across various platforms. 

When it comes to Microsoft 365, its widespread use makes it a prime target for potential threats, underscoring the need for specific measures tailored to its environment. 

Microsoft 365: 

  • Block the creation of public links in SharePoint and enforce sharing with specific people 
  • Review and revoke unused access permissions periodically 
  • Use phishing-resistant, passwordless authentication methods 
  • Perform segregation of duties with separate accounts for administrative tasks 
  • Monitor for threats and unused access 
  • Organizations can create conditional access policies in Microsoft Entra to enforce authentication strength and manage access to sensitive files in SharePoint. 

Taking action on cloud security 

Cloud security is a shared responsibility, and proactive measures are essential to protect data.  

By understanding the shared responsibility model, asking the right questions, and implementing best practices, organizations can enhance their cloud security posture. It is important not to be overwhelmed by the complexity of cloud security; instead, use secure controls and monitor data movement to keep data safe. 

Take the next step in securing your data by getting a free Data Risk Assessment from Varonis today. Our experts will help you identify vulnerabilities, enhance your security protocols, and ensure your data remains protected.

What should I do now?

Below are three ways you can continue your journey to reduce data risk at your company:

1

Schedule a demo with us to see Varonis in action. We'll personalize the session to your org's data security needs and answer any questions.

2

See a sample of our Data Risk Assessment and learn the risks that could be lingering in your environment. Varonis' DRA is completely free and offers a clear path to automated remediation.

3

Follow us on LinkedIn, YouTube, and X (Twitter) for bite-sized insights on all things data security, including DSPM, threat detection, AI security, and more.

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.

Keep reading

Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

what-is-cloud-security?
What is Cloud Security?
The risks associated with cloud environments are only growing. This blog highlights the basics of cloud security to secure data in the cloud.
3-steps-to-get-ready-for-agentforce
3 Steps to Get Ready for Agentforce
Discover the risks of enabling Agentforce without proper data security and learn specific tactics to ensure a safe deployment.
overcoming-cloud-security-challenges:-key-risks-and-threats 
Overcoming Cloud Security Challenges: Key Risks and Threats 
Moving to the cloud brings several benefits, but it also means dealing with new security issues.
generative-ai-security:-preparing-for-salesforce-agentforce
Generative AI Security: Preparing for Salesforce Agentforce
See how Salesforce Agentforce's (formerly Einstein Copilot) security model works and the risks you must mitigate to ensure a safe and secure rollout.