Top 5 SaaS misconfigurations to avoid and why

Aziz El Ouaqid
May 1, 2024
Top 5 SaaS misconfigurations to avoid and whyTop 5 SaaS misconfigurations to avoid and why
Aziz El Ouaqid
May 1, 2024
On this page

Cloud storage services and SaaS apps like Google Drive and Microsoft OneDrive provide convenient, scalable solutions for managing documents, photos, and more—making them indispensable for modern work and personal life. However, misconfigured settings and permissions can lead to serious security breaches, noncompliance, and even the loss of customer trust. 

Let’s explore the 5 most common misconfiguration issues with real-world examples.

Inadequate logging and monitoring

Following the rise in privilege escalation attacks, it’s often difficult for security teams to distinguish between insider risks and external threats. While logging and monitoring practices are useful for protecting against suspicious activities, security teams often don’t have the time to complete a manual audit of sharing and permission settings in their SaaS environments. Even when they do, built-in detection can be quite noisy and time-consuming. Ultimately, this lack of visibility could weaken an organization’s security posture over time.

So, what can security teams do to run an efficient and effective monitoring workflow? First, they need to determine their high-risk content types and users. Next, they need to put a strategy in place that helps them to reduce their time to remediation for those risks. Read on to get a closer look at the types of content and users that your SaaS security strategy should cover.

Exposed access keys and OAuth tokens

As we’ve seen in the recent Sisense data breach, exposed access keys or OAuth tokens can grant unauthorized access to sensitive files, folders, or drives. For a similar breach to occur, all it would take is a developer accidentally committing an API key to a public GitHub repository. From there, a threat actor could use that key to gain access to the organization’s Google Drive, where they could steal company or customer data. 

To prevent this scenario, security teams might consider conducting both regular audits as well as real-time scanning of SaaS apps in order to detect sensitive data across repos, projects, files, folders, drives, and more. This enhanced visibility, paired with quick time to remediation, can minimize the blast radius of a privilege escalation attack.

Over-permissive sharing

When working in fast-paced environments, or across multiple teams, it might seem like a no-brainer to simply share files or folders with “Anyone with the link.” However, if someone outside your team or organization somehow got access to the link, it could all too easily lead to data exposure, or down the line, data exfiltration. 

Another example: Say a major healthcare provider internally shares a Google Drive link containing patient medical records. If that link were accessible to the public, it could inadvertently cause a breach of patient privacy, and therefore, a violation of HIPAA compliance. 

With this example in mind, it’s critical for security teams to be able to adjust sharing settings in real time. By spotting an error and acting quickly, security teams would be able to prevent a data leak before it had the chance to lead to legal issues, costly fines, or longstanding reputational damage.

Inherited permissions

Files inherit the permissions of the folders they’re stored in. In other words, it’s possible for sharing settings to be misconfigured depending on the folder the file is created in or added to. In this case, users may not even need to change sharing settings for data to be exposed. 

Consider this example: A research institute employee is collaborating with a colleague from an external organization, and shares a folder of unpublished findings with them. While this collaboration might be completely aboveboard, it opens up risk down the line for another research institute employee to stumble across that same folder, and add more files to it without realizing that it’s been shared externally. In other words, the external organization would now have access to more sensitive data than what the original employee meant to share.

Our key takeaway? Security teams should consider implementing an automated data leak prevention (DLP) tool that can adjust sharing settings in real time and ensure that their most sensitive data is protected by default.

Neglected account deactivation

Last, but not least, it’s important to monitor the activity of high-risk users, such as departing employees. In a worst-case scenario, a departing employee could access a shared Google Drive folder after they leave the company, whether it be for financial gains or some form of sabotage. 

To prevent such a scenario, it’s important for security teams to track the activity of high-risk users and user groups so that they can identify and put a stop to insider risk before it has the chance to become a data breach.


Security teams need to take a proactive approach to SaaS security posture management in order to protect their sensitive content from both insider risks and external threats. 

This is where Nightfall SaaS Security Posture Management (SSPM) comes in. Nightfall helps security teams to create and enforce policies that focus on protecting high-risk content and monitoring high-risk users, all in real time. The best part? Nightfall’s detectors are 2x more accurate, and have 4x fewer false positives than the competition, meaning that Nightfall can fully automate security workflows and ensure continuous compliance with leading standards like HIPAA, PCI-DSS, SOC 2, and more. 

Want to see Nightfall’s SSPM solution in action? Sign up for your custom demo today.

Nightfall Mini Logo

Getting started is easy

Install in minutes to start protecting your sensitive data.

Get a demo