Securing Your Cloud Environment when using SaaS Products
29 May 2025
SingCERT has observed reports of possible cyber threat activities targeting Commvault’s Metallic SaaS platform. As more organisations shift to the cloud, understanding the security implications of SaaS and implementing best practices is crucial.
SingCERT has observed reports of possible cyber threat activities targeting Commvault’s Metallic Software-as-a-Service (SaaS) platform, a popular solution for Microsoft 365 (M365) data backups. If the threat actors successfully accessed client secrets stored in the aforementioned SaaS solution, they could gain unauthorised access to Commvault's clients' M365 environment.
This incident may be part of a broader and growing trend where attackers target SaaS platforms as a gateway to sensitive enterprise data. As more organisations shift to the cloud, understanding the security implications of SaaS adoption and implementing best practices is crucial.
What is SaaS?
Software-as-a-Service (SaaS) is a cloud-based model where applications are delivered over the internet. Rather than being installed on local machines or servers, SaaS solutions are hosted by third-party providers and accessed through web browsers or APIs. Examples include M365, Google Workspace, Salesforce, Dropbox, and Commvault Metallic.
SaaS platforms offer scalability, accessibility, and cost-efficiency, but they also introduce shared responsibility models, where the provider secures the infrastructure, while clients must secure usage, access, and data configurations.
How to Protect Yourself
Individuals and organisations are advised to adopt the following measures to strengthen their cybersecurity posture and boost online defences, safeguarding both personal and organisational data.
For Individuals (End Users)
Always create strong, unique passwords for each SaaS account, and use a password manager to securely store them
Enable multi-factor authentication (MFA) on all SaaS platforms, especially for critical services like email, storage, and productivity tools
Stay vigilant against phishing attacks by verifying email senders, avoiding clicking on suspicious links or login prompts, and refraining from opening or downloading unknown attachments
Regularly review and manage third-party applications that have access to your SaaS accounts, and revoke permissions for apps you no longer use or recognise
Log out of SaaS accounts after using shared or public devices to prevent unauthorised access
Immediately report any suspicious activity such as unfamiliar login attempts or unexpected account changes to your organisation’s IT or security team
Keep all software (browsers, apps, and device OS) up to date, as attackers often exploit unpatched vulnerabilities to gain access to SaaS sessions or credentials
For Organisations
Implement a robust Identity and Access Management (IAM) system to enforce role-based access control and the principle of least privilege across all SaaS platforms
Encrypt data both at rest and in transit to prevent unauthorised access or interception
Make multi-factor authentication (MFA) mandatory for all users, especially those with administrative or sensitive data access
Conduct regular audits of user accounts, permissions, and connected applications to identify and eliminate unnecessary or risky access
Monitor SaaS application activity by enabling detailed audit logs and integrating them with a Security Information and Event Management (SIEM) system
Educate employees regularly through cybersecurity awareness training that includes SaaS-specific risks, such as phishing and unauthorised app integrations
Evaluate the security posture of all SaaS vendors before adoption, and stay informed of any vulnerabilities or incidents related to the services you use
Maintain regular, independent backups of all critical SaaS-hosted data, and test restoration procedures to ensure business continuity during disruptions
Use SaaS Security Posture Management (SSPM) tools to automate the detection of configuration issues, access risks, and compliance violations across your SaaS environment
Establish a patch and vulnerability management process for any connected agents, local components, plugins, or integrations associated with your SaaS platforms to ensure known vulnerabilities are promptly addressed
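The audit and monitoring measures above (reviewing connected applications, and feeding SaaS audit logs into a SIEM) can be illustrated with a small detection routine. The following is an added example, not SingCERT's or any vendor's code: it runs over constructed log records loosely modelled on Entra ID sign-in and audit events (the field names, the activity string, the app name "backup-connector" and the IP ranges are assumptions for this example) and flags a new client secret added to an app registration, a service-principal sign-in from an IP outside the vendor's documented egress ranges, and escalates when both occur on the same app within a time window.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample records, loosely modelled on Entra ID sign-in and audit log fields.
# Field names and the activity string are assumptions for this example, not a vendor schema.
SAMPLE_LOGS = [
    {"ts": "2025-05-20T02:11:08Z", "category": "SignIn", "principal_type": "ServicePrincipal",
     "app": "backup-connector", "ip": "203.0.113.7"},
    {"ts": "2025-05-20T02:14:31Z", "category": "Audit", "app": "backup-connector",
     "activity": "Update application - Certificates and secrets management", "actor": "svc-backup"},
    {"ts": "2025-05-20T03:02:55Z", "category": "SignIn", "principal_type": "ServicePrincipal",
     "app": "backup-connector", "ip": "198.51.100.20"},
    {"ts": "2025-05-20T09:00:00Z", "category": "SignIn", "principal_type": "User",
     "app": "OfficeHome", "ip": "198.51.100.20"},
]

# Egress ranges the SaaS vendor documents for its connector (constructed, per-app allowlist).
KNOWN_EGRESS = {"backup-connector": [ip_network("203.0.113.0/24")]}

def parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")

def review_events(logs, allowlist, window=timedelta(hours=24)):
    """Return findings: app credential changes, service-principal sign-ins from
    unlisted IPs, and the two correlated on the same app within `window` (high)."""
    findings, cred_changes = [], {}
    for e in sorted(logs, key=lambda e: e["ts"]):
        app, when = e.get("app"), parse_ts(e["ts"])
        if e["category"] == "Audit" and "Certificates and secrets" in e.get("activity", ""):
            cred_changes[app] = when
            findings.append({"rule": "app_credential_change", "severity": "medium",
                             "ts": e["ts"], "app": app, "detail": f"by {e['actor']}"})
        elif e["category"] == "SignIn" and e["principal_type"] == "ServicePrincipal":
            ip = ip_address(e["ip"])
            if any(ip in net for net in allowlist.get(app, [])):
                continue  # expected vendor egress, nothing to flag
            sev = "medium"
            # A new secret followed by a sign-in from an unknown IP is the pattern worth escalating.
            if app in cred_changes and when - cred_changes[app] <= window:
                sev = "high"
            findings.append({"rule": "sp_signin_unlisted_ip", "severity": sev,
                             "ts": e["ts"], "app": app, "detail": f"from {ip}"})
    return findings

if __name__ == "__main__":
    for f in review_events(SAMPLE_LOGS, KNOWN_EGRESS):
        print(f)
```

In practice the allowlist would come from the vendor's published IP ranges and the events from the SIEM's normalised log feed; the correlation window is a tuning parameter.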
While SaaS platforms streamline operations and reduce infrastructure burdens, they are not immune to cyber threats. Incidents like the one involving Commvault’s Metallic platform serve as a stark reminder that cloud-based convenience must be matched with rigorous security practices. Organisations are urged to review their SaaS security posture, especially for platforms that handle sensitive data or administrative access.
References:
https://thehackernews.com/2025/05/cisa-warns-of-suspected-broader-saas.html
https://www.crowdstrike.com/en-us/cybersecurity-101/cloud-security/cloud-security-best-practices/
https://www.paloaltonetworks.com/cyberpedia/17-ways-to-secure-when-deploying-cloud-environments