
In a recent open letter to third-party suppliers, Patrick Opet, Chief Information Security Officer at JPMorganChase, has raised a critical alarm about the accelerating risks associated with SaaS security vulnerabilities. While excitement over new technologies, including AI solutions, has driven many companies to rapid adoption of many third-party apps and services, Opet underscores the urgency for both SaaS vendors and their enterprise customers to prioritize security.
As a cloud network security company, Aviatrix empowers customers to address these vulnerabilities through proactive, long-term, and cost-efficient design and management strategies. Read on for the cloud network security take on JPMorganChase’s security assessment and how our solution empowers you to secure your data.
What You’ll Learn:
- How the SaaS-crowded landscape introduces critical security vulnerabilities
- Practical steps for all organizations to reprioritize security, modernize their security architecture, and collaborate to close vulnerabilities caused by insecure integrations
- How Aviatrix empowers organizations to achieve secure, simplified, and scalable cloud infrastructure
The Security Landscape: SaaS Creates a Landscape of Vulnerabilities
JPMorganChase calls out a growing problem in the SaaS landscape. Enterprises rely so heavily on a small set of SaaS vendors, without proper authentication or verification for the data integrations involved, that any single data breach, malware intrusion, or vulnerability can create a chain reaction that compromises multiple businesses.
The internet has become the de facto enterprise network—and it was never built for trust.
SaaS, GenAI, and API-first integration models collapse traditional segmentation that protected individual organizations from this kind of shared risk. AuthN/AuthZ (authentication/authorization) gets oversimplified into token reuse to make workflows easier. Every workload, every SaaS plug-in, every GenAI endpoint is now implicitly trusted by your infrastructure. It’s a major security flaw, and cyberattackers know it.
SaaS cyberattacks can expose millions of records – both of individual customers and businesses. Metomic has recorded three major breaches in its SaaS breach database in 2025 alone – one of which, the DemandScience Data Breach, exposed the data of 122 million businesses.
The risk of insecure access tokens and insecure vendor access is only increasing. “The explosive growth of new value-bearing services in data management, automation, artificial intelligence, and AI agents amplifies and rapidly distributes these risks,” Opet said.
While the benefits of adopting third-party SaaS-based services can be high, the complexity introduced by providing interconnectivity to those services can tear holes in the security systems designed to protect your data. According to IBM, the average cost of a data breach in the cloud is $4.8M, to say nothing of the cost to customer relationships or brand reputation.
Opet has three major recommendations for fellow enterprises when it comes to third-party service security:
1. Reprioritize security
One of the causes of the growing risk to the SaaS supply chain is organizations’ choice to prioritize speed over security. “Fierce competition among software providers has driven prioritization of rapid feature development over robust security,” Opet said. Instead of leading with security, many organizations have made it a second or third priority, an afterthought to patch in after the original design work is done.
This development approach can leave gaps that cyberattackers can exploit – cyberattackers who are more patient and diligent in finding vulnerabilities than developers were in discovering them during design and testing.
Aviatrix partners with organizations to put security first through:
- Comprehensive visibility and monitoring – Our distributed enforcement, centralized management-plane architecture helps you see your entire network and monitor all accounts, gateways, and traffic. Know where your data is going and enable the rapid monitoring, identification, and blocking of anomalies.
- Declarative trust policy as code – In our security-first model, we treat policy as code. For example, our Kubernetes Firewall solution bakes security policy enforcement directly into Kubernetes deployments.
- Full auditability across SaaS integrations and cloud providers – Aviatrix provides real-time, actionable telemetry across cloud providers and integrations with features like our Network Insights API.
2. Modernize security architecture
SaaS models are redefining data integration across services and platforms. Many prioritize speed and ease-of-use in creating direct integrations between third-party and internal systems, often without safety checks in between. Opet gives the example of “an AI-driven calendar optimization service”: integrating it directly into corporate email accounts may help streamline operations, but it can also expose confidential data and communications.
“In practice, these integration models collapse authentication (verifying identity) and authorization (granting permissions) into overly simplified interactions, effectively creating single-factor explicit trust between systems on the internet and private internal resources,” Opet said.
Similarly, integrations with third-party SaaS services are being implemented within the cloud. In helping companies modernize their architecture, Aviatrix helps bridge the gap between the tempting simplicity of these direct SaaS integrations and security best practices:
- Cloud-first architecture – Aviatrix’s cloud-native, distributed architecture provides built-in security specifically designed for a borderless cloud environment. You can design network-wide policies for all your resources, across clouds and locations.
- Zero trust framework – Starting with a zero trust model instead of “single-factor explicit trust” models, Aviatrix enables SSO (single sign-on) verification through OpenVPN and cloud-native, multicloud network segmentation that prevents lateral movement across your network.
- Secure egress – One aspect of security that Opet’s open letter did not address is what to do after threat actors have gotten into your network through improper authentication, stolen credentials, or some other vulnerability. Aviatrix provides egress security to catch cyberattackers on their way out of your network, preventing them from exfiltrating data or unloading malware into your system.
3. Work collaboratively to prevent “the abuse of interconnected systems”
Opet calls out traditional measures including “network segmentation, tiering, and protocol termination” as possibly not being viable in a SaaS integration model. He recommends three major methods for protecting networks from these security risks:
- Sophisticated authorization methods – While it’s tempting to keep using oversimplified, direct integrations, organizations need to continue verifying authorized access for all third-party apps and services. Aviatrix’s built-for-cloud Network Segmentation separates resources and prevents lateral movement.
- Advanced detection capabilities – Sprawling enterprise networks need someone who can maintain comprehensive visibility and respond quickly to possible threats. Aviatrix partners with customers by offering features like multicloud topology view, AnomalyIQ for traffic anomalies, and integrations with AWS ThreatGuard and Microsoft Copilot for Security which offer actionable intelligence and policy recommendations.
- Proactive measures – Speed cannot take priority over security. However, Aviatrix helps customers achieve both: deploy rapidly and securely through Infrastructure as Code solutions like Terraform, secure your border through the Aviatrix Cloud Firewall, and connect through high-performance encryption.
While rapid industry changes, new technologies like AI, and the increasing number of apps and services you can use make security seem like a worrier’s concern, cyberattacks are very real and only getting smarter. Explore strategies for reprioritizing security, modernizing your security architecture, and closing vulnerabilities across your network today.
- Schedule a demo to learn how our Cloud Firewall solution helps secure traffic and optimize costs across your network.
- Try our free, five-minute security assessment to explore potential risks to your network.