The widely accepted software-as-a-service (SaaS) delivery model contains significant flaws and is “quietly enabling cyber attackers”, introducing widespread vulnerabilities that could undermine the global economic system, according to a leading financial services chief information security officer (CISO).
In an open letter to third-party suppliers, JPMorgan Chase CISO Patrick Opet this week criticised software companies for making SaaS the default, and often the only, format in which software can now be delivered, trapping customers into relying on service providers and concentrating risk into these organisations.
He said that while this model can be efficient and innovative, it is now clear that it “magnifies the impact of any weakness … creating single points of failure with potentially catastrophic system-wide consequences”.
“At JPMorganChase, we’ve seen the warning signs first-hand. Over the past three years, our third-party providers experienced a number of incidents within their environments. These incidents across our supply chain required us to act swiftly and decisively, including isolating certain compromised providers and dedicating substantial…