As you may have noticed on your recent Zoom calls, the latest application update quietly added a slick little app-store sidebar to the right-hand side of your session screen. This feature enables any business user within your organization to integrate the software-as-a-service (SaaS) apps showcased in the sidebar with a click of a button — without so much as disrupting their Zoom session.
While seemingly innocuous, this feature highlights the greatest strength and one of the greatest SaaS security risks — the ability for anyone within an organization to adopt, configure, and manage SaaS applications. While this process may be convenient and conducive to fast business enablement, by design it also bypasses any internal security review processes. This leaves your security team with no means of knowing which apps are being adopted and used, whether they may have security vulnerabilities, if they are being used in a secure way, or how to place security guardrails around their use. Enforcing zero-trust security principles becomes almost impossible.