The Chief Information Security Officer at JPMorgan Chase, Mr. Patrick Opet, calls for stringent action by all SaaS providers to strengthen the security of software delivery environments, as these become increasingly vulnerable to cyber attacks.
He insists that:
- Software providers must prioritize security over rushing features. Comprehensive security should be built in or enabled by default.
- We must modernize security architecture to optimize SaaS integration and minimize risk.
- Security practitioners must work collaboratively to prevent the abuse of interconnected systems.

Today, an attack on one major SaaS or PaaS provider can immediately ripple through its customers. This fundamental shift demands our collective immediate attention.
This risk is further compounded by inadequately secured authentication tokens, software providers gaining privileged access to customer systems without explicit consent or transparency, and opaque fourth-party vendor dependencies. Attackers know this weakness and are now actively targeting trusted integration partners.
Companies should work towards building sophisticated authorization methods, advanced detection capabilities, and proactive measures to prevent the abuse of interconnected systems.
He concludes by saying, “The most effective way to begin change is to reject these integration models without better solutions.”