
Palo Alto Networks, Zscaler, Cloudflare hit by the newest data breach

“Cloudflare’s disclosure of the Salesloft/Drift incident stands out as a superb example of transparency and accountability in cybersecurity reporting. Their blog not only provides clear technical detail, but also openly accepts responsibility for the risks posed by third-party integrations,” Michal said. “By committing to strengthen their SaaS environments and toolchain security going forward, Cloudflare demonstrated both maturity and management in incident response, setting a high bar for how organizations should communicate, remediate, and reinforce trust in the aftermath of supply chain compromises.”

Revoking OAuth tokens

Erik Avakian, technical counselor at Info-Tech Research Group and former state CISO for the Commonwealth of Pennsylvania, recommended that users should “be periodically revoking unused OAuth tokens and refreshing them, and enforcing expiration where possible, all of which are practices in line with foundational zero trust principles.”

“This incident also highlights why this type of attack demonstrates the rise in SaaS risk. When we’re trusting third-party apps with direct API access, we’re really trusting them to safeguard our auth tokens as carefully as we would our passwords,” Avakian said. “But if we focus on and employ a zero trust mindset across our environment, we really should be treating third-party applications and SaaS like any other external network.”
