With many thanks to Boris Gorin, Canonic Security’s CEO and Co-Founder, Aviva Zacks of Safety Detectives found out why his company focuses on SaaS with its AppTotal.
Safety Detectives: What motivated you to start Canonic Security?
Boris Gorin: From my significant background in SaaS security, I started to see gaps in security and recognized that while SaaS adoption continued to exponentially grow, our industry was not addressing the security challenges that came along with the modernized digitally transformed SaaS-native security platforms. Traditional security solutions were not designed to protect SaaS-native security platforms and because of this, vulnerabilities were increasing for those infrastructures not paying close attention to the interactions between processes, platform integrations, and API calls. It became clear that our industry needed more visibility into data so that security and governance teams could have a complete view of any vulnerabilities in their infrastructure among thousands of dynamically changing apps.
SD: What do you love about working in cybersecurity?
BG: Cybersecurity has always been driven by a tightly-knit community of innovators. Inevitably, the nature of innovation pushes our community to create a home-grown toolset to get the job done. I tend to focus on helping the cybersecurity community do the best job that we can together. In the context of Canonic Security, SaaS app security is a case in point. We believe that is where the low-hanging fruit lies—for the attackers first and foremost. I’ve been in cybersecurity long enough to understand that any attack vector interesting to actual attackers and white hat Red Teams will trickle down throughout the enterprise. We see that dynamic playing out in the domain of SaaS security as well.
SD: What is Canonic Security’s flagship product?
BG: AppTotal is the industry’s first publicly available community offering that automatically assesses the risks involved with OAuth apps. It essentially builds on Canonic Security’s app sandboxing technology, and dynamically scans SaaS add-ons for vulnerabilities and suspicious or malicious behavior.
AppTotal lets organizations profile third-party apps’ permissions and access, posture, and behavior before connecting them to IT-approved applications. It is the first independent and continuously updated SaaS add-ons and integrations index, starting with Google Workspace, Microsoft 365/Azure, and Slack, with Atlassian, Salesforce, and others coming soon.
With AppTotal, anyone can:
- Assess the risks involved with third-party apps before granting them access to your environment
- Uncover the app and publisher behind any OAuth client ID
- Analyze the behavior of third-party apps within your SaaS platform
It’s also a community tool, and we’d love to get reader feedback!
SD: How does Canonic Security stay competitive in a world filled with cybersecurity companies?
BG: Business continuity will continue to heavily rely on SaaS apps and low code automation as companies continue to integrate third-party APIs on top of subscription based platforms. While businesses are taking full advantage of the ease and access of interconnected apps, the resulting productivity benefits increase the risks associated with a growing attack surface. Canonic Security’s app governance platform provides full visibility over apps and API integrations with access intelligence, vulnerability insight, and the industry’s first free community application security sandbox. Canonic is redefining SaaS application security with this unique sandbox environment that provides users with quick access to simulate and vet third-party integrations—a very valuable resource for companies as they grow increasingly more dependent on interconnected SaaS apps.
SD: How is the pandemic changing cybersecurity for the future?
BG: As organizations continue to adopt remote working regardless of health risks, employees are driven to use cloud services to get the job done. That means taking a closer look at how third-party platforms share sensitive data and present new risks for companies that are not necessarily SaaS-borne. It is imperative for enterprises immersed in technological innovation driving a shift in business culture to rethink SaaS application governance so that the required checks and balances are in place when it comes to data, system, and account access. Unfortunately, many companies are just starting to realize that SaaS environments are uniquely exposed to attackers and easy to miss vulnerabilities. Accelerated by the adoption of more cloud platforms, security teams and business decision-makers alike are reimagining how to approach SaaS security in general and third-party app governance in particular.