Obsidian Security recently discussed the complexity of enforcing Single Sign-On (SSO) within Salesforce and the misconfigurations it frequently encounters. Notably, 60% of Obsidian’s customers initially have local access without Multi-Factor Authentication (MFA) configured for Salesforce, a significant security gap that Obsidian works to close.

The Hidden Vulnerability

Application owners who manage Salesforce daily often remain unaware of this misconfiguration. Despite their deep knowledge of Salesforce administration, local access without MFA is an overlooked weakness: a user with a username and password can log in directly, bypassing whatever MFA the IdP enforces. This raises concerns about the security of other SaaS applications, especially those for which the organization has not developed comparable expertise. If you have concerns about your configuration, Tectonic can help.

Attacker Focus and Trends

Attackers have historically targeted the Identity Provider (IdP) space, focusing on providers like Okta, Microsoft Entra, and Ping. This strategy offers maximal impact, as compromising an IdP grants broad access across multiple applications. Developing expertise to breach a few IdPs is more efficient than learning the diverse local access pathways of numerous SaaS vendors.

Over the past 12 months, nearly 100% of the breaches that required Obsidian’s intervention through CrowdStrike or other incident response partners were IdP-focused. Notably, 70% of these breaches involved subverting MFA, often through methods like SIM swapping. In instances where local access bypasses the IdP, 95% of the time it lacks MFA.

Recent discussions around Snowflake have brought attention to “shadow authentication,” defined as unsanctioned means of authenticating a user within an application. Obsidian Security has observed an increase in brute force attacks against SaaS applications via local access pathways over the last two weeks, indicating a growing awareness of this attack vector.
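The two signals described above (successful local logins that did not involve MFA, and password-guessing against the local login path) can both be pulled out of a login-history export. The following is an added example, not code from Obsidian Security or Tectonic: it runs over a small set of constructed login records and flags each signal. The field names (Username, LoginTime, LoginType, Status, SourceIp, AuthMethodReference) and the login-type values are modelled on the general shape of Salesforce's LoginHistory object, but that mapping is an assumption; adjust it to the columns in your own export.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Login types that go through the IdP. Assumed values; confirm against the
# LoginType values that actually appear in your export.
SSO_LOGIN_TYPES = {"SAML Idp Initiated SSO", "SAML Sp Initiated SSO"}

# Constructed sample records (not real data). "Application" stands for a
# direct username/password login; AuthMethodReference carries "mfa" when a
# second factor was used on that login.
SAMPLE_LOGINS = [
    {"Username": "alice@example.com", "LoginTime": "2024-06-01T08:00:00Z", "LoginType": "SAML Sp Initiated SSO",
     "Status": "Success", "SourceIp": "198.51.100.10", "AuthMethodReference": ""},
    {"Username": "bob@example.com", "LoginTime": "2024-06-01T08:02:00Z", "LoginType": "Application",
     "Status": "Success", "SourceIp": "198.51.100.11", "AuthMethodReference": ""},
    {"Username": "carol@example.com", "LoginTime": "2024-06-01T08:05:00Z", "LoginType": "Application",
     "Status": "Success", "SourceIp": "198.51.100.12", "AuthMethodReference": "mfa"},
    {"Username": "erin@example.com", "LoginTime": "2024-06-01T08:07:00Z", "LoginType": "Application",
     "Status": "Invalid Password", "SourceIp": "203.0.113.9", "AuthMethodReference": ""},
] + [
    # Six failed password attempts against one account from one address, 20 s apart,
    # followed by a success with no second factor: the local-path guessing pattern.
    {"Username": "dave@example.com", "LoginTime": f"2024-06-01T08:1{i // 3}:{(i % 3) * 20:02d}Z",
     "LoginType": "Application", "Status": "Invalid Password", "SourceIp": "203.0.113.7",
     "AuthMethodReference": ""}
    for i in range(6)
] + [
    {"Username": "dave@example.com", "LoginTime": "2024-06-01T08:12:00Z", "LoginType": "Application",
     "Status": "Success", "SourceIp": "203.0.113.7", "AuthMethodReference": ""},
]


def _parse_time(value):
    """Parse an ISO-8601 timestamp with a trailing Z into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")).astimezone(timezone.utc)


def is_local_login(record):
    """True when the login did not go through the IdP (the 'local access' path)."""
    return record["LoginType"] not in SSO_LOGIN_TYPES


def find_local_logins_without_mfa(records):
    """Usernames that completed a local login where no MFA method was recorded."""
    return sorted({
        r["Username"] for r in records
        if is_local_login(r) and r["Status"] == "Success"
        and "mfa" not in r.get("AuthMethodReference", "").lower()
    })


def find_local_brute_force(records, threshold=5, window=timedelta(minutes=10)):
    """(source_ip, username, total_failures) for local-path credential failures
    that reach `threshold` attempts within any span of length `window`."""
    failures = defaultdict(list)
    for r in records:
        if is_local_login(r) and r["Status"] != "Success":
            failures[(r["SourceIp"], r["Username"])].append(_parse_time(r["LoginTime"]))
    hits = []
    for (ip, user), times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):          # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                hits.append((ip, user, len(times)))
                break
    return sorted(hits)


if __name__ == "__main__":
    print("Local logins without MFA:", find_local_logins_without_mfa(SAMPLE_LOGINS))
    print("Local-path brute force:", find_local_brute_force(SAMPLE_LOGINS))
```

Run against the sample, the first check names bob and dave (carol used a second factor, alice came in through the IdP), and the second flags the single address that made six failed attempts against dave's account. An account that appears in both lists, as dave does here, is the case the post warns about: a local path with no MFA that has just been guessed.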
Future Expectations

Attackers continually seek easy and efficient pathways. Over the next 12 months, local access or shadow authentication is expected to become a major attack vector. Organizations must proactively secure these pathways as attackers shift their focus.

What You Can Do

How Obsidian Helps

Salesforce security partners offer robust solutions to address these challenges:

By leveraging partner capabilities, organizations can enhance their security posture, protecting against evolving threats targeting local access and shadow authentication.

The post “The Growing Importance of Securing Local Access in SaaS Applications” appeared first on Obsidian Security.