Image Credit: weerapatkiatdumrong // Getty

SaaS apps are one of those segments of the attack surface that’s easy to overlook, but it only takes a single misconfiguration to leave valuable data exposed.

However, providers like Valence Security, which today announced it has closed a $25 million series A funding round, are aiming to help enterprises secure the SaaS landscape by connecting to apps throughout the organization’s environment and analyzing their configurations to identify data-sharing risks.

For enterprises, this solution from Valance Security aims to provide a framework for managing the sprawl of SaaS applications that have entered the workplace and introduced new risks that traditional network security approaches are ill-equipped to confront. 

Securing the SaaS risk landscape

The announcement comes as the SaaS landscape has exploded in the wake of the COVID-19 pandemic and the rapid adoption of remote working. Now research shows that the average enterprise has 364 apps. 

Each of these apps presents a unique security risk in the form of vulnerabilities and misconfigurations that security teams need to be prepared to address. Especially, when considering that threat actors are looking to exploit weaknesses in SaaS apps. 

One of the most notable examples of this is the GitHub attack campaign, where cybercriminals managed to hack dozens of GitHub repositories with stolen OAuth tokens to nab sensitive data and access codes. 

“In recent years, malicious actors have increasingly focused on exploiting vulnerabilities associated with the SaaS mesh including misconfigurations, overprivileged third-party integrations and unsecured SaaS supply chains, external oversharing of data, unmanaged/unsecured user identities and others,” said Yoni Shohet, CEO and cofounder of Valence Security. 

Valence Security addresses these threats by providing security teams with more visibility over apps deployed throughout the environment, so they can centrally define and enforce security policies around user access, configurations and privileges to eliminate potential entry points for attackers.   

A look at the SaaS security market 

Valence Security’s solution sits within the global SaaS security market, which researchers valued at $8.3 billion in 2021, and estimate will reach $21.2 billion by 2028. 

The organization is competing against a range of providers including Obsidian Security, a SaaS security platform that raised $90 million as part of a series C funding round earlier this year. Obsidian Security’s platform offers AI-driven, real-time threat detection to analyze user behavior and detect account takeover and malicious integrations that put SaaS apps and critical data at risk.  

Another competitor is Adaptive Shield, providing a platform that integrates with over 80 SaaS apps to monitor security posture, deliver security alerts on configuration drifts, and provide auto remediation capabilities. Adaptive Shield most recently raised $30 million as part of a series A funding round in October 2021. 

Shohet says that Valence Security’s visibility over business context differentiates it from competitors. “Other SaaS security solutions fail to provide security teams with the visibility and business context they need to effectively understand, prioritize and respond to SaaS mesh risks,” he said.