The Quiet Erosion: SaaS Security and the Weakening Global Economic System

 

The proliferation of the ‘software as a service’ (SaaS) delivery model has fundamentally reshaped how businesses operate, offering unprecedented convenience, scalability, and efficiency. This technological shift has been instrumental in driving innovation and fostering agility across various industries, making SaaS the default and often the exclusive format for software consumption. However, this widespread embrace of SaaS has inadvertently cast a long shadow on the global economic landscape, as its inherent architecture and the competitive dynamics surrounding its provision have quietly cultivated a substantial vulnerability . The concentration of critical infrastructure within a small number of leading SaaS providers, coupled with the dismantling of traditional security boundaries through modern integration patterns, has created single points of failure with potentially catastrophic system-wide consequences.¹ While SaaS delivers numerous advantages, this centralization of services by dominant providers introduces new and significant risks that demand immediate and comprehensive attention.¹

The inherent security paradox of SaaS lies in the very characteristics that make it appealing. Its convenience and scalability are intertwined with an expanded attack surface and a greater potential for widespread impact from security breaches.¹ The integrated nature of SaaS platforms, where a single compromised identity can grant access to a multitude of interconnected applications, allows threat actors to move laterally across systems with alarming ease.² This interconnectedness, while fostering seamless workflows and data sharing, simultaneously magnifies the consequences of any security weakness, outage, or breach . The historical paradigm of distributed software across diverse environments, each with unique security practices, inherently limited the scale of any single breach . Today, an attack on one major SaaS or Platform as a Service (PaaS) provider can immediately ripple through its vast customer base, creating a domino effect with potentially devastating economic repercussions . Therefore, securing SaaS is no longer merely a matter of data protection for individual organizations but a critical imperative for safeguarding business continuity and the stability of the global economic infrastructure.

The escalating threat landscape targeting SaaS environments necessitates a fundamental shift in how we approach security. Traditional security models, often predicated on network perimeters, are proving inadequate against the complexities and distributed nature of SaaS.² The imperative is to move towards more adaptive and comprehensive security strategies that address the unique challenges introduced by this dominant software delivery model.

The increasing reliance on a limited number of leading SaaS providers has embedded a significant concentration risk into the global economic system and critical infrastructure . Organizations, often with little alternative, find themselves heavily dependent on these providers, amplifying the potential impact of any weakness, outage, or breach . This concentration transforms localized incidents into systemic risks, where a failure at a major provider can trigger widespread disruptions across numerous dependent businesses and sectors . The historical model of software distribution across diverse environments inherently limited the scope of any single security incident . However, the contemporary landscape, dominated by a few hyperscale cloud providers, presents a scenario where a successful attack on one can have cascading and far-reaching consequences, affecting a multitude of downstream customers simultaneously .

The convenience of modern SaaS integration patterns, heavily reliant on identity protocols like OAuth, has inadvertently eroded traditional security boundaries . These patterns facilitate direct and often unchecked interactions between third-party services and an organization's sensitive internal resources . In essence, authentication and authorization processes have become overly simplified, establishing single-factor trust relationships between systems on the internet and private internal resources . This architectural shift bypasses decades of carefully architected security measures that enforced strict segmentation between trusted internal resources and untrusted external interactions . External interaction layers, such as APIs and websites, were intentionally separated from core backend systems, applications, and data. Modern integration models, however, dismantle these essential boundaries, creating direct pathways that, if compromised, can grant attackers unprecedented access to confidential data and critical internal communications .

Furthermore, the intense competition within the SaaS market has often led software providers to prioritize the rapid rollout of new features over the implementation of robust security measures . This pursuit of market share at the expense of security frequently results in rushed product releases that lack comprehensive security features built in or enabled by default . These oversights create repeated opportunities for attackers to exploit vulnerabilities, exposing entire customer ecosystems to significant risk and fostering an unsustainable situation for the global economic system . The pressure to innovate and capture market share can inadvertently lead to a dangerous trade-off, where fundamental security considerations are relegated to a secondary concern, ultimately undermining the stability and trustworthiness of the SaaS model.

The past year has witnessed a concerning surge in cybersecurity incidents involving major SaaS providers, serving as stark reminders of the vulnerabilities inherent in this delivery model. In March 2025, a significant breach of Oracle Cloud resulted in the exfiltration of 6 million records, impacting over 140,000 tenants.³ This incident, attributed to the exploitation of a known vulnerability in Oracle Fusion Middleware, specifically CVE-2021-35587 affecting Oracle Access Manager, exposed sensitive authentication data and raised concerns about potential credential compromise.³ The targeted subdomain was running an outdated version of the software, highlighting the critical need for robust patch management practices.³

The year 2024 saw an alarming 300% increase in SaaS breaches, impacting major technology and telecommunications companies like Microsoft and AT&T.² This surge underscores a significant shift in the cyber threat landscape, aligning with the exponential growth in SaaS adoption.⁵ These breaches serve as clear indicators that the increasing reliance on SaaS is accompanied by a corresponding rise in security risks.

In February 2025, Genea, a prominent fertility clinic in Australia, suffered a ransomware attack that led to the theft of 940GB of sensitive patient data, including medical records and personal details, which were subsequently leaked on the dark web.¹¹ The same month, Bybit, a major cryptocurrency exchange, experienced a security breach resulting in the theft of $1.5 billion worth of Ethereum, highlighting the high-value targets that SaaS platforms can represent for cybercriminals.¹¹

A notable campaign in 2024 targeted customers of Snowflake, including Ticketmaster, Santander Bank, and AT&T.² These breaches were attributed to customer-side issues, primarily the lack of enforced multi-factor authentication (MFA), allowing attackers to leverage stolen credentials.¹² The impact was significant, with AT&T alone reporting the leak of 109 million customer records.¹²

Microsoft also experienced a significant breach in January 2024, where the nation-state actor Midnight Blizzard exploited a series of misconfigurations to access sensitive company emails and, subsequently, source code.¹² The attackers initially gained access through a password spray attack on an account lacking MFA and then leveraged a legacy OAuth application with excessive privileges.¹²

In April 2024, Dropbox Sign suffered a breach due to compromised privileged service accounts, leading to the exposure of sensitive customer data, including emails, usernames, and hashed passwords.¹¹ This incident underscored the persistent challenges in securing non-human identities within SaaS environments.¹²

These incidents, among others, highlight the critical role of identity compromise, misconfigurations, and supply chain vulnerabilities as primary causes of SaaS breaches.³ The lessons learned from these events underscore the urgent need for a more proactive and robust approach to SaaS security.

The vulnerabilities inherent in the modern SaaS landscape extend beyond just concentration risk. Inadequately secured authentication tokens present a significant point of weakness . Attackers are increasingly targeting these tokens, recognizing that their compromise can grant direct and persistent access to SaaS environments, often bypassing even multi-factor authentication (MFA).¹⁹ Techniques such as vendor compromise, malware, and adversary-in-the-middle attacks are prevalent methods for obtaining these valuable tokens.¹⁹ The breaches at platforms like Heroku and GitHub serve as prime examples of the severe consequences that can arise from OAuth token theft, allowing unauthorized access to sensitive data for extended periods.²⁰

The issue of privileged access by SaaS providers also introduces considerable risks . While necessary for maintenance and support, the potential for abuse or compromise of these elevated access levels is a major concern . Privileged accounts, by their nature, offer a direct pathway to critical systems and sensitive data, making them highly attractive targets for malicious actors in SaaS environments.²¹ The principle of least privilege, crucial in all security contexts, takes on even greater importance in the consolidated and interconnected world of SaaS, where the misuse of privileged access can have widespread ramifications.²²

Furthermore, the opaque nature of fourth-party vendor dependencies within the software supply chain silently amplifies the risks associated with SaaS . Organizations often lack visibility into the security practices of these downstream vendors, despite the fact that a significant percentage of companies have indirect relationships with breached fourth parties.²³ These dependencies can introduce vulnerabilities that extend far beyond an organization's direct control, leading to severe financial, operational, and reputational consequences if a fourth-party vendor experiences a security incident.²⁴ The interconnectedness of the SaaS ecosystem means that a weakness in a seemingly distant part of the supply chain can ultimately compromise the security of numerous organizations.

Cyber attackers are rapidly adapting their tactics to exploit the interconnected nature of the SaaS landscape, increasingly targeting not just individual organizations but also the SaaS providers and their integration partners . Threat actors have come to recognize the relatively vulnerable state of these interconnected SaaS applications as fertile hunting grounds.⁶ The numerous SaaS-to-SaaS connections that streamline workflows and enhance functionality also create hidden pathways into an organization's most sensitive data, often existing outside the purview of traditional security scanning and monitoring tools.²⁵

The reliance on modern identity protocols like OAuth, while intended to simplify integration and enhance user experience, has also become a significant attack vector . OAuth2's widespread adoption has made it a prime target for attackers, and the complexity of the protocol often leads to misconfigurations that create security holes.²⁶ Consent phishing, a sophisticated attack method, leverages legitimate authorization protocols that use OAuth 2.0 to trick users into granting permissions to malicious applications, providing attackers with persistent access to corporate SaaS resources.²⁷ Unlike traditional phishing, consent phishing bypasses multi-factor authentication because it doesn't directly target user credentials.²⁸

The software supply chain, particularly within the SaaS ecosystem, presents a growing risk . SaaS supply chain attacks are on the rise, with attackers increasingly exploiting overlooked misconfigurations, stolen credentials, and API manipulations to gain access to critical systems and sensitive data.²⁹ These attacks often involve injecting malicious code into vendor software or leveraging compromised third-party services to infiltrate SaaS platforms, demonstrating the evolving sophistication of threat actors targeting the interconnected web of SaaS applications and their dependencies.³⁰

The increasing prevalence of SaaS vulnerabilities and breaches carries significant economic consequences that extend beyond individual organizations to potentially weaken the global economic system. While SaaS adoption has demonstrably led to reduced IT costs and fostered innovation, the escalating security risks threaten to undermine these benefits.³¹ The global SaaS market, projected to reach hundreds of billions of dollars, underscores the vast economic landscape that is potentially at risk.³² The average cost of a SaaS breach, now reaching millions of dollars, encompasses not only immediate financial losses but also long-term reputational damage and the erosion of customer trust.⁵

The concentration of critical infrastructure and financial institutions on a small number of cloud and SaaS providers introduces a systemic risk with potentially catastrophic economic ramifications.³³ Central banks and regulatory bodies are increasingly concerned about this cloud concentration risk, recognizing the potential for a single point of failure to trigger widespread financial instability.³³ The lack of clear regulations mandating diversification among cloud providers further exacerbates this concern, leaving the global financial system potentially vulnerable to disruptions affecting major SaaS platforms.³³

Regulatory bodies are beginning to address these risks, with initiatives aimed at ensuring the resilience and stability of the financial sector in the face of increasing cloud adoption.³⁵ The Bank of England has called for regulations promoting diversity in cloud providers, and the European Union's Digital Operational Resilience Act (DORA) seeks to manage third-party ICT risk within the financial sector.³³ These efforts signify a growing awareness of the need for regulatory frameworks to mitigate the systemic risks associated with cloud concentration and the reliance on SaaS.

Addressing the escalating security challenges posed by SaaS requires a fundamental modernization of security architectures, moving beyond the limitations of legacy models that were designed for on-premise environments.² Traditional security measures, often focused on perimeter defense, are proving insufficient in the face of the distributed and interconnected nature of SaaS.² The concept of a trusted internal network versus an untrusted external network is increasingly blurred, necessitating a shift towards more dynamic and context-aware security paradigms .

Zero Trust architecture has emerged as a critical framework for modernizing SaaS security . Operating on the principle of "never trust, always verify," Zero Trust mandates stringent identity verification for every user and device attempting to access resources, regardless of their location.³⁷ This approach eliminates the assumption of trust based on network location and ensures continuous authentication and authorization across the entire digital estate.³⁹

Complementing Zero Trust, micro-segmentation plays a vital role in containing breaches and limiting the potential for lateral movement within SaaS environments.⁴⁰ By dividing the network into smaller, isolated segments, micro-segmentation restricts an attacker's ability to propagate across systems, minimizing the impact of a successful compromise.⁴⁰ This granular level of control aligns perfectly with the least privilege principles of Zero Trust, ensuring that access is granted only to the resources necessary for a specific task.⁴⁰

Furthermore, the increasing sophistication of identity-based attacks in SaaS highlights the critical need for Identity Threat Detection and Response (ITDR) solutions.⁴² ITDR focuses specifically on identifying, detecting, and mitigating threats targeting user identities and access management systems within SaaS environments.⁴² By continuously monitoring user behavior, login patterns, and privileged access, ITDR can detect anomalies and suspicious activities that may indicate compromised accounts or malicious insiders, providing an essential layer of defense in the SaaS security landscape.⁴²

To further enhance control and resilience in the SaaS ecosystem, several emerging solutions are gaining traction. Confidential computing offers a promising approach by utilizing secure enclaves to protect sensitive data even while it is being processed in the cloud.⁴³ This technology provides hardware-level isolation, ensuring data confidentiality and integrity against insider threats and even the cloud service providers themselves.⁴³ Deployment models like customer self-hosting and bring your own cloud (BYOC) are also gaining popularity, offering organizations greater control over their data and security by allowing them to deploy and manage SaaS applications within their own infrastructure.⁴⁵

In addition to these architectural and deployment strategies, the strategic deployment of Cloud Access Security Brokers (CASBs) and SaaS Security Posture Management (SSPM) tools is becoming increasingly vital.⁴⁷ CASBs provide visibility and control over data and user activity within SaaS applications, enabling organizations to enforce security policies and manage shadow IT.⁴⁷ SSPM solutions focus on proactively managing and improving the overall security posture of SaaS environments by automating the assessment and remediation of misconfigurations and vulnerabilities.⁴⁷ These tools offer a centralized approach to monitoring and managing the security of an organization's entire SaaS portfolio, ensuring compliance and reducing the risk of breaches.⁴⁸

Achieving a robust security posture in the SaaS era requires a fundamental shift in priorities, with security taking center stage alongside rapid feature development.⁴⁵ Experts across the industry increasingly emphasize the critical need for software providers to prioritize security throughout the entire software development lifecycle, moving beyond mere slogans to demonstrable evidence of effective controls.⁴⁹ Fostering a security-first culture within development teams, implementing proactive risk assessment strategies, and leveraging developer-friendly security tooling and automation are crucial steps in this direction.⁵⁰ Furthermore, continuous monitoring, proactive threat detection, and rapid incident response capabilities are essential for identifying and mitigating security threats in the dynamic SaaS landscape.⁵¹

The challenge of securing SaaS is a shared responsibility, demanding a collective call to action from software providers, security practitioners, and organizations adopting SaaS. The urgency of the situation cannot be overstated, as the escalating risks associated with SaaS adoption pose a significant threat to the global economic system.

Recommendations:

●       Software Providers: Security must be elevated to an equal or higher priority than feature development. Comprehensive security should be built into SaaS offerings by default or enabled seamlessly. Transparency regarding security risks and the effectiveness of implemented controls is paramount. Continuous, demonstrable evidence of working security controls, beyond annual compliance checks, should be provided to customers.

●       Security Practitioners: Collaboration is essential to prevent the abuse of interconnected systems. Security architectures must be modernized to optimize SaaS integration while minimizing risk, with a strong emphasis on sophisticated authorization methods and advanced detection capabilities. Proactive measures to prevent the abuse of interconnected systems should be prioritized. Integration models that do not offer adequate security should be critically evaluated and rejected in favor of more robust solutions. Continuous SaaS security risk assessments and real-time monitoring are crucial for maintaining a strong security posture.

●       Organizations Adopting SaaS: A thorough understanding of the shared responsibility model is essential. Strong authentication controls, including the mandatory enforcement of MFA, should be implemented across all user accounts. The adoption of Zero Trust principles and micro-segmentation is crucial for limiting the attack surface and containing potential breaches. Organizations must gain comprehensive visibility into their SaaS usage, including shadow IT and third-party integrations, and conduct regular security assessments of their SaaS vendors. Emerging security solutions like confidential computing, customer self-hosting, and BYOC should be considered for highly sensitive data to enhance control and resilience.

By embracing collaboration, prioritizing transparency, and adopting a proactive security posture, the future of the SaaS ecosystem and the stability of the global economy can be better safeguarded against the growing tide of cyber threats. The time for decisive and collective action is now.

Works cited

1.     Risk concentration in the cloud: How to enhance Resilience | Swiss Re, accessed April 27, 2025, https://www.swissre.com/risk-knowledge/advancing-societal-benefits-digitalisation/risk-concentration-in-the-cloud.html

2.     SaaS Breaches Skyrocket 300% as Traditional Defenses Fall Short - Infosecurity Magazine, accessed April 27, 2025, https://www.infosecurity-magazine.com/news/saas-breaches-defenses-short/

3.     The Biggest Supply Chain Hack Of 2025: 6M Records Exfiltrated ..., accessed April 27, 2025, https://www.cloudsek.com/blog/the-biggest-supply-chain-hack-of-2025-6m-records-for-sale-exfiltrated-from-oracle-cloud-affecting-over-140k-tenants

4.     List of Recent Data Breaches in 2025–2024 - Bright Defense, accessed April 27, 2025, https://www.brightdefense.com/resources/recent-data-breaches/

5.     SaaS security is under attack as breaches surge 300 percent | Okoone, accessed April 27, 2025, https://www.okoone.com/spark/product-design-research/saas-security-is-under-attack-as-breaches-surge-300-percent/

6.     Obsidian Security, accessed April 27, 2025, https://www.obsidiansecurity.com/news/obsidian-security-launches-2025-saas-security-threat-report

7.     Obsidian report reveals 300% surge in SaaS breaches - SecurityBrief UK, accessed April 27, 2025, https://securitybrief.co.uk/story/obsidian-report-reveals-300-surge-in-saas-breaches

8.     SaaS Data Breaches on the Rise - PDI Security & Network Solutions, accessed April 27, 2025, https://security.pditechnologies.com/blog/saas-data-breaches-on-the-rise/

9.     Obsidian Security Launches 2025 SaaS Security Threat Report Revealing 300% Year-Over-Year Surge in SaaS Breaches - Business Wire, accessed April 27, 2025, https://www.businesswire.com/news/home/20250127824236/en/Obsidian-Security-Launches-2025-SaaS-Security-Threat-Report-Revealing-300-Year-Over-Year-Surge-in-SaaS-Breaches

10.  Obsidian Security's SaaS Security Threat Report 2025, accessed April 27, 2025, https://www.obsidiansecurity.com/saas-security-threat-report

11.  Recent SaaS Data Breach Examples - Database | Metomic, accessed April 27, 2025, https://www.metomic.io/saas-breach-database

12.  2024 SaaS Security Breaches: Lessons Learned - Valence Security, accessed April 27, 2025, https://www.valencesecurity.com/resources/blogs/2024-saas-security-breaches-lessons-learned

13.  Top 5 SaaS Data Breaches - SEM Shred, accessed April 27, 2025, https://www.semshred.com/top-5-saas-data-breaches/

14.  Recent Cybersecurity Attacks and Data Breaches – 2025 | Intellizence, accessed April 27, 2025, https://intellizence.com/insights/business-signals-trends/major-cyber-attacks-data-breaches-leading-companies/

15.  CrowdStrike SaaS Security Risk Review | Infographic, accessed April 27, 2025, https://www.crowdstrike.com/content/crowdstrike-www/locale-sites/us/en-us/resources/infographics/saas-security-risk-review.html

16.  What 2024's SaaS Breaches Mean for 2025 Cybersecurity - AppOmni, accessed April 27, 2025, https://appomni.com/blog/saas-security-predictions-2025/

17.  12 Biggest Cybersecurity Headlines in 2024: Key Insights for CIOs ..., accessed April 27, 2025, https://www.scybers.com/insight/12-biggest-cybersecurity-headlines-in-2024-key-insights-for-cios-and-ctos-for-2025

18.  2025 SaaS Security Predictions: What Every CISO Needs to Know, accessed April 27, 2025, https://wing.security/saas-security/2025-saas-security-predictions-what-every-ciso-needs-to-know/

19.  start.obsidiansecurity.com, accessed April 27, 2025, https://start.obsidiansecurity.com/rs/124-DIV-269/images/combat-saas-token-compromise-obsidian_sb.pdf

20.  OAuth Token: What It Is, How It Works, and Its Vulnerabilities - AppOmni, accessed April 27, 2025, https://appomni.com/blog/oauth-token-what-it-is-how-it-works-and-its-vulnerabilities/

21.  6 Alarming Risks of Overlooking Privileged Access Management ..., accessed April 27, 2025, https://www.cloudeagle.ai/blogs/6-alarming-risks-of-overlooking-privileged-access-management

22.  Observing Privilege to Reduce Risk in Software-as-a-Service (SaaS) - Security Magazine, accessed April 27, 2025, https://www.securitymagazine.com/articles/92195-observing-privilege-to-reduce-risk-in-software-as-a-service-saas

23.  How to Manage Your 4th Party Vendors - Aravo, accessed April 27, 2025, https://aravo.com/blog/how-to-manage-your-4th-party-vendors/

24.  Managing Fourth-Party Risks: An Overlooked Challenge In Cyber Security, accessed April 27, 2025, https://cybersecurityasia.net/managing-fourth-party-risks/

25.  How SaaS-to-SaaS Apps Can Compromise the Security of SaaS Environments - AppOmni, accessed April 27, 2025, https://appomni.com/blog/how-saas-to-saas-apps-can-compromise-security-of-saas-environments/

26.  Common OAuth Vulnerabilities - Doyensec's Blog, accessed April 27, 2025, https://blog.doyensec.com/2025/01/30/oauth-common-vulnerabilities.html

27.  The Rising Threat of Consent Phishing: How OAuth Abuse Bypasses MFA | Valence blog, accessed April 27, 2025, http://www.valencesecurity.com/resources/blogs/the-rising-threat-of-consent-phishing-how-oauth-abuse-bypasses-mfa

28.  SaaS OAuth Attack Leads to Widespread Browser Extension Breach - Valence Security, accessed April 27, 2025, https://www.valencesecurity.com/resources/blogs/saas-oauth-attack-leads-to-widespread-browser-extension-breach

29.  From $22M in Ransom to +100M Stolen Records: 2025's All-Star ..., accessed April 27, 2025, https://thehackernews.com/2025/01/from-22m-in-ransom-to-100m-stolen.html

30.  SaaS Supply Chain Attacks: Risks and How to Stay Secure - Reco.AI, accessed April 27, 2025, https://www.reco.ai/blog/saas-supply-chain-attacks-how-to-stay-secure

31.  carijournals.org, accessed April 27, 2025, https://carijournals.org/journals/index.php/IJCE/article/download/2551/2978/7365

32.  35+ Key SaaS Industry Statistics To Know Before Investing - OurCrowd, accessed April 27, 2025, https://www.ourcrowd.com/learn/saas-industry-statistics

33.  What is Cloud Concentration? Why are banks worried about it? Is ..., accessed April 27, 2025, https://datacentre.solutions/blogs/57193/what-is-cloud-concentration-why-are-banks-worried-about-it-is-cloud-portability-the-answer

34.  Finance, Multi-Cloud, and The Elimination of Cloud Concentration Risk | MongoDB, accessed April 27, 2025, https://www.mongodb.com/blog/post/finance-multicloud-elimination-cloud-concentration-risk

35.  Cloud Adoption in the Financial Sector and Concentration Risk | PIFS, accessed April 27, 2025, https://www.pifsinternational.org/cloud-adoption-in-the-financial-sector-and-concentration-risk/

36.  www.fsb.org, accessed April 27, 2025, https://www.fsb.org/uploads/PIFS.pdf

37.  What is Zero Trust? - Guide to Zero Trust Security - CrowdStrike.com, accessed April 27, 2025, https://www.crowdstrike.com/en-us/cybersecurity-101/zero-trust-security/

38.  Extend Zero Trust to SaaS Apps for Identity Security, accessed April 27, 2025, https://www.grip.security/blog/extend-zero-trust-to-saas

39.  Zero Trust Security for SaaS: Challenges & Best Practices - Reco AI, accessed April 27, 2025, https://www.reco.ai/learn/zero-trust-saas

40.  Micro-Segmentation In Zero Trust Architecture: A How-To Guide - Pilotcore, accessed April 27, 2025, https://pilotcore.io/blog/micro-segmentation-in-zero-trust-architecture

41.  How a Zero Trust Strategy Built on Microsegmentation Solves Cloud ..., accessed April 27, 2025, https://www.illumio.com/blog/how-a-zero-trust-strategy-built-on-microsegmentation-solves-cloud-risks

42.  What is Identity Threat Detection and Response (ITDR)? Definition ..., accessed April 27, 2025, https://appomni.com/saas-glossary/identity-threat-detection-and-response-itdr/

43.  www.fbcinc.com, accessed April 27, 2025, https://www.fbcinc.com/source/virtualhall_images/2024_Virtual_Events/DISA_J6/Anjuna/anjuna_whitepaper_confidential_AI_ML.pdf

44.  Confidential Computing's Role In Ending SaaS Data Breaches, accessed April 27, 2025, https://www.forbes.com/councils/forbestechcouncil/2025/01/30/confidential-computings-role-in-ending-saas-data-breaches/

45.  An Open Letter to Third-Party Suppliers - J.P. Morgan, accessed April 27, 2025, https://www.jpmorgan.com/technology/technology-blog/open-letter-to-our-suppliers

46.  Bring Your Own Cloud (BYOC): What is it and why it's the future of deployment - Northflank, accessed April 27, 2025, https://northflank.com/blog/bring-your-own-cloud-byoc-future-of-enterprise-saas-deployment

47.  SaaS Security: Risks, Technologies, and Best Practices | Frontegg, accessed April 27, 2025, https://frontegg.com/blog/saas-security

48.  9 SaaS Security Best Practices: Checklist for 2024 - Reco AI, accessed April 27, 2025, https://www.reco.ai/learn/saas-security-best-practices

49.  How do you handle security for your SaaS - Reddit, accessed April 27, 2025, https://www.reddit.com/r/SaaS/comments/1awe36z/how_do_you_handle_security_for_your_saas/

50.  How To Balance Security And Rapid Innovation In SaaS Development, accessed April 27, 2025, https://www.forbes.com/councils/forbestechcouncil/2025/03/04/how-to-balance-security-and-rapid-innovation-in-saas-development/

51.  7 SaaS Security Best Practices for 2025 - Jit.io, accessed April 27, 2025, https://www.jit.io/resources/app-security/7-saas-security-best-practices-for-2025