Adaptive Shield

Understanding The Risks of Public Links in SaaS Platforms


While the ability to share links, files, repositories, and boards with anyone in SaaS applications such as Microsoft, GitHub, and Miro enhances collaboration, it can lead to data leakage. This article looks at three commonly encountered data leakage scenarios (turning proprietary code public, the unexpected risks of publicly accessible calendars, and collaborations with external service providers) and offers safe sharing best practices.

Inadvertently Publicizing Proprietary Code

Data leaks from GitHub repositories, mainly due to user errors, have previously affected major brands like X (formerly Twitter). These leaks typically expose sensitive data like OAuth tokens, API keys, usernames, passwords, encryption keys, and security certificates. Therefore, securing code within GitHub repositories is an absolute necessity.

The Hidden Risks with Public Calendars

Publicly shared calendars, though they may initially seem harmless, can contain a wealth of information that could be beneficial to cybercriminals, such as meeting invitations with videoconference links and passwords. This data can be used for phishing or social engineering attacks.

Working with External Service Providers

Though SaaS apps make collaboration with external service providers a breeze, these collaborations often involve members who are meant to have only short-term access to shared documents and boards. When that access is never removed, outsiders keep access to project files indefinitely, with potential security implications.


Ensuring Secure File Sharing

SaaS security firm Adaptive Shield suggests that companies adhere to the following safe file-sharing best practices:

  • Always share files with individual users, requiring authentication.
  • Avoid sharing via "anyone with the link".
  • Set expiration dates for shared files and file-sharing invitations, if possible.
  • Revoke share permissions from public documents that are no longer in use.

Furthermore, organizations should use a SaaS security tool that can identify publicly shared resources that need to be remediated. Such a tool allows businesses to better gauge the risk associated with publicly shared files and guides them toward securing vulnerable files.
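
The checks in the list above can be expressed as an audit over an exported inventory of share links. This is an added example, not Adaptive Shield's code or any vendor's API; the record fields (`resource`, `scope`, `expires`, `last_accessed`), the sample data, and the 90-day staleness threshold are assumptions.

```python
from datetime import date, timedelta

STALE_AFTER = timedelta(days=90)  # assumed threshold for "no longer in use"

# Constructed sample inventory; field names are hypothetical, not a vendor schema.
SAMPLE_LINKS = [
    {"resource": "roadmap.docx", "scope": "anonymous", "expires": None,
     "last_accessed": date(2023, 1, 10)},
    {"resource": "design-board", "scope": "users", "expires": date(2024, 3, 1),
     "last_accessed": date(2024, 1, 20)},
    {"resource": "vendor-contract.pdf", "scope": "users", "expires": None,
     "last_accessed": date(2024, 1, 25)},
    {"resource": "team-calendar", "scope": "anonymous", "expires": date(2024, 6, 30),
     "last_accessed": date(2024, 1, 30)},
]


def audit_link(link, today):
    """Return the best-practice violations for one share link."""
    findings = []
    public = link["scope"] == "anonymous"
    if public:
        findings.append("anyone-with-the-link: share with named, authenticated users")
    if link["expires"] is None:
        findings.append("no expiration date set")
    # A public link nobody has used recently is a candidate for revocation.
    if public and today - link["last_accessed"] > STALE_AFTER:
        findings.append("public and unused: revoke share permission")
    return findings


def audit(links, today):
    """Map resource name -> findings, omitting links with no violations."""
    report = {}
    for link in links:
        findings = audit_link(link, today)
        if findings:
            report[link["resource"]] = findings
    return report


if __name__ == "__main__":
    for resource, findings in audit(SAMPLE_LINKS, date(2024, 2, 1)).items():
        for finding in findings:
            print(f"{resource}: {finding}")
```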
