Obsidian Security recently discussed the complexity of enforcing Single Sign-On (SSO) within Salesforce and frequently encountering misconfigurations. Notably, 60% of Obsidian’s customers initially have local access without Multi-Factor Authentication (MFA) configured for Salesforce, highlighting a significant security gap that Obsidian diligently works to secure. Securing SaaS. The Hidden Vulnerability Application owners who manage Salesforce daily often remain unaware of this misconfiguration. Despite their deep knowledge of Salesforce management, local access without MFA presents an overlooked vulnerability. This situation raises concerns about the security of other SaaS applications, especially those without developed expertise or knowledge. If you have concerns about your configuration, Tectonic can help. Attacker Focus and Trends Attackers have historically targeted the Identity Provider (IdP) space, focusing on providers like Okta, Microsoft Entra, and Ping. This strategy offers maximal impact, as compromising an IdP grants broad access across multiple applications. Developing expertise to breach a few IdPs is more efficient than learning the diverse local access pathways of numerous SaaS vendors. Over the past 12 months, nearly 100% of the breaches that required Obsidian’s intervention through CrowdStrike or other incident response partners were IdP-focused. Notably, 70% of these breaches involved subverting MFA, often through methods like SIM swapping. In instances where local access bypasses the IdP, 95% of the time it lacks MFA. Recent discussions around Snowflake have brought attention to “shadow authentication,” defined as unsanctioned means to authenticate a user within an application. Obsidian Security has observed an increase in brute force attacks against SaaS applications via local access pathways over the last two weeks, indicating a growing awareness of this attack vector. Future Expectations Attackers continually seek easy and efficient pathways. Over the next 12 months, local access or shadow authentication is expected to become a major attack vector. Organizations must proactively secure these pathways as attackers shift their focus. What You Can Do How Obsidian Helps Salesforce Security partners offers robust solutions to address these challenges: By leveraging partner capabilities, organizations can enhance their security posture, protecting against evolving threats targeting local access and shadow authentication. The post “The Growing Importance of Securing Local Access in SaaS Applications” appeared first on Obsidian Security. Like Related Posts Who is Salesforce? Who is Salesforce? Here is their story in their own words. From our inception, we’ve proudly embraced the identity of Read more Salesforce Marketing Cloud Transactional Emails Salesforce Marketing Cloud Transactional Emails are immediate, automated, non-promotional messages crucial to business operations and customer satisfaction, such as order Read more Salesforce Unites Einstein Analytics with Financial CRM Salesforce has unveiled a comprehensive analytics solution tailored for wealth managers, home office professionals, and retail bankers, merging its Financial Read more AI-Driven Propensity Scores AI plays a crucial role in propensity score estimation as it can discern underlying patterns between treatments and confounding variables Read more