Introducing AppOmni's New AI-Driven SaaS Security Expert: Harnessing Generative Technology for Enhanced Protection

Enterprises are increasingly reliant on Software as a Service (SaaS) applications, with large organizations using up to 371 applications, a 32% increase since 2021. However, these applications often function in silos across departments, leading to a lack of oversight and clarity on usage. Without proper configuration, they can expose organizations to significant security risks.

Addressing SaaS Security Challenges

Joseph Thacker, principal AI engineer for SaaS Security Posture Management (SSPM) provider AppOmni, emphasizes that the complexity of today’s SaaS apps often necessitates specialized expertise to secure them. “No organization has that level of expertise, which results in overburdened security teams struggling to manage various security settings.”

To streamline security management, AppOmni recently introduced AskOmni, a generative AI-powered SaaS security assistant. This tool allows users to pose essential security questions in plain language and receive actionable insights and remediation steps. “It’s effectively a SaaS security expert,” Thacker elaborated.

The Complexity and Noise of SaaS Security

Thacker argues that enterprises frequently underestimate SaaS security, despite it being critical to protecting core intellectual property and sensitive data. Organizations must shift their perspective on SaaS security, as threat actors can penetrate systems by accessing data directly, creating an entirely new threat landscape.

The growing number of applications contributes to overwhelming security alerts, which can sometimes feel like an avalanche. “It’s shadow IT all over again,” Thacker remarked, likening AI to a new form of shadow IT. With constant updates from platforms like Salesforce and Microsoft 365, discerning where to focus efforts presents another challenge.

“Understanding the extent of what’s being used within your organization is crucial to keeping up,” he noted. While security alerts abound, much of the noise is non-threatening; real malicious activity is often limited but consists of multiple low-level risks.

Challenges of Permissions Management

Permissions management is notoriously challenging in the SaaS landscape. For instance, if organizations want to compare username-to-admin correlations in audit logs across different applications, inconsistencies in field names complicate the process. “Most employees have access to far too much data,” Thacker said, making tracing and managing permissions problematic.

Introducing AskOmni

To combat these challenges, AskOmni, currently in tech preview and set for phased rollout in 2024, employs generative AI and natural language queries for SaaS security inquiries. Users can ask the system to clarify the SaaS applications in use and understand AppOmni’s security features.

The platform performs contextual analysis, aggregates disparate data points to identify security issues, and communicates these in accessible language, guiding users through remediation processes. AskOmni alerts administrators about privilege overprovisioning issues, monitors user permissions, and flags new threats, outlining potential consequences and remediation actions.

The Future of AI in SaaS Security

Thacker envisions a future where AskOmni can tackle comprehensive inquiries, such as prioritizing remediation efforts or securing accounts for former employees. “The killer feature will be when we can pose a single question about the entire AppOmni instance,” he stated.

While enabling AI to access all tenant data is still aspirational, advancements in models will enhance capabilities and reduce costs. Thacker believes we are just beginning to explore AI's potential.

“Many focus on AI's limitations,” he asserted. “These can be overcome with increased context and resources that support the underlying model.”

Ultimately, “AI will revolutionize operations, increasing utility and reducing effort, allowing us to focus on addressing new challenges.”