Has the success of SaaS and cloud made organizations lazy when it comes to security?

I’m concerned companies have become lazy about security by thinking their system is bulletproof because they’ve invested a significant amount of money in SaaS solutions. For example, you may give an intern more access than they probably should have because you think the system is going to safeguard you. Many are designed in a way (Salesforce included) that if somebody changes one small thing, it's not going to completely shut down. It’s a great product and we know that it's safe, but there is still risk of exposure that shouldn’t be ignored or provide a false sense of security.

3 upvotes
Anonymous Author
It has made some of us lazy, and I’ve argued with one of those people. No matter how many explanations I gave for why the responsibility still lies with you, he still said, "If I give my data to a SaaS provider, they're the ones responsible and I don't have to worry about it." My final example was: If everyone in your company uses a 24-character password strategy, how good is that security? It seems bulletproof because nobody can guess a 24-character password—except for the person looking at the one guy with his password written on a sticker that’s stuck to his monitor. That’s the problem: Too much of our security depends on us being on point all day long. If you've done physical security, for instance, you know never to ask someone to stay at a monitor watching 1 environment for more than 1 hour at a time. That’s because the human mind can't focus on that monitor and stay open to changes on it for more than an hour.
0 upvotes
Anonymous Author
The tools are smart and we can teach them to a certain point. Look at Armorblox for example: Until a month ago, I was telling my clients, "No, I can't do anything about spoofing." But now I can. When you deploy a tool like that, you can let your guard down and think, "I've got this smart tool out there that's looking for x." But if the human behavior is such that they're no longer looking for x and one gets through, you're dead in the water and that's all it takes. You can defend anything as much as you want, but the people trying to offend are just going to keep trying until they find success and they just exhaust you that way.
1 upvotes
Anonymous Author
I’ve seen plenty of examples of companies not in cloud environments that are as lazy. SaaS and cloud have made things better overall, but new challenges are abundant!
0 upvotes
Anonymous Author
Complacent perhaps
2 upvotes