Latest news with #ObsidianSecurity
National Post
09-07-2025
- Business
- National Post
Obsidian Security Expands Go-to-Market Leadership Team to Scale SaaS Protection in the Age of AI
Article content PALO ALTO, Calif. — Obsidian Security, the leading SaaS security platform trusted by global enterprises including Snowflake, T-Mobile, and Pure Storage, today announced the expansion of its go-to-market leadership team with five strategic appointments. These hires position Obsidian to scale its operations as the company addresses the rapidly evolving security challenges posed by agentic AI and accelerates toward long-term growth and IPO readiness. Article content Article content The company has appointed Alison Tierney as VP of Go-to-Market (GTM) Strategy, Corey Elinburg as Field Chief Technology Officer, Brian McHenry as Vice President (VP) of Worldwide Solutions Engineering, Tina Lei as VP of Revenue Marketing, and Tyler Mihevc to lead Mid-Market expansion. These appointments build upon Obsidian's recent hire of Chief Product Officer (CPO) Khanh Tran, former VP of Product Management at CrowdStrike, as the company assembles an industry-leading executive team. These leadership additions come as organizations worldwide grapple with unprecedented SaaS security risks driven by AI-powered attacks, application sprawl, embedded co-pilots, and AI agents leveraging overly permissive OAuth tokens. Article content 'We're proud to welcome leaders who have chosen Obsidian because they share in our mission and recognize the momentum we've built,' said Brian Murphy, Chief Revenue Officer of Obsidian Security. 'Their confidence and expertise strengthen our ability to scale every part of our go-to-market engine—from engineering and sales to mid-market expansion and international strategy. As our customers face growing pressure to secure their SaaS environments while driving innovation, our success in meeting those demands depends on the strength of our team. This is a strategic inflection point, and we're fully committed to increasing our market impact and driving long-term revenue growth.' Article content Addressing AI's Double-Edged Impact on SaaS Security Article content Agentic AI offers powerful productivity gains but also introduces new risks. While these agents streamline workflows and enhance efficiency, they expand the attack surface by leveraging the same integration mechanism used by SaaS-to-SaaS integrations. AI-embedded SaaS tools and autonomous systems operating with excessive permissions via longstanding OAuth connections magnify the SaaS-to-SaaS integration blindspot. Article content Obsidian's foundational Knowledge Graph provides a unique advantage in solving this problem. By unifying SaaS, endpoint, network, and identity data, Obsidian delivers the contextual insight necessary to understand not just what AI agents are accessing, but how that access fits within the broader ecosystem of application relationships and user behaviors. Article content The platform's deep visibility into application usage—enriched with workload context and in-app activity monitoring—enables Obsidian to detect subtle OAuth token anomalies that signal malicious or compromised AI agents. This intimate understanding of SaaS interconnections is exactly what's required to secure environments where autonomous agents have become new actors. Article content Building on this foundation, Obsidian is partnering with Fortune 500 customers to bring to market enterprise-tested solutions to safely and rapidly adopt Agentic AI. Article content Leadership Team Brings Proven Scale Experience Article content Alison Tierney, VP of GTM Strategy, joins from Snowflake, where she served as SVP of Sales and VP of Global Sales Strategy, driving global expansion and scaling high-growth sales organizations. She also held sales leadership roles at AppDynamics and Oracle. At Obsidian, Tierney will focus on building unified go-to-market strategies and leading international expansion. Corey Elinburg, Field Chief Technology Officer, brings over 26 years of enterprise security leadership experience. Previously the Chief Information Security Officer (CISO) at CommonSpirit Health (parent organization of Dignity Health), Elinburg oversaw security and IT operations for more than 175,000 employees across 2,200+ care sites in 24 states. He brings invaluable perspective on securing large-scale, distributed organizations. Brian McHenry, VP of Worldwide Solutions Engineering, joins from F5, where he spent 16 years building and leading the global security practice for technical sales. He set global security sales strategy and played key roles in the $1B acquisition of Shape Security and $500M acquisition of Volterra. His deep experience scaling security solutions makes him well-positioned to lead Obsidian's technical sales efforts globally. Tina Lei, VP of Revenue Marketing, brings extensive growth marketing expertise from NinjaOne, where she advanced from Performance Marketing Specialist to VP of Growth over nearly seven years. Lei led digital marketing, website optimization, and product-led growth, managing multi-million-dollar budgets and building high-performing teams. Tyler Mihevc leads Obsidian's Mid-Market revenue team. He brings proven sales leadership from high-growth companies including (Worldwide VP of Sales), PredictHQ (VP of Worldwide Sales and Customer Success), and senior roles at Okta. His appointment strengthens Obsidian's ability to serve organizations navigating AI-integrated business environments. Article content Scaling for Long-Term Growth Article content Built by security leaders who previously redefined endpoint and identity security at CrowdStrike, Okta, Palo Alto Networks, and Cylance, Obsidian Security protects more than 200 organizations across North America, Europe, the Middle East, Southeast Asia, Australia, and New Zealand—including many of the world's largest Fortune 1000 and Global 2000 companies. Article content The company secures business-critical SaaS applications such as Microsoft 365, Salesforce, and hundreds of other enterprise tools that drive modern work. Obsidian operates data centers in the US, Europe, the Middle East, and Australia to ensure robust protection for its global customer base. The company's modular approach to SaaS security allows it to meet the needs of large and small enterprises. Article content 'AI is changing the threat landscape faster than most organizations can respond,' said Hasan Imam, CEO of Obsidian Security. 'This moment demands leadership that understands both the scale of the challenge and the urgency of the opportunity. We're building a team that's done this before—so we can stay ahead of emerging threats and deliver on the promise of safe, scalable AI adoption.' Article content About Obsidian Security Article content Obsidian Security is the leading SaaS security platform, trusted by global enterprises like Snowflake, T-Mobile, and Pure Storage. We protect over 200 global organizations, including many of the world's largest Fortune 1000 and Global 2000 companies with data center availability in North America, EMEA, and APAC. Backed by top investors like Greylock, we're closing a critical gap: securing the SaaS apps where business happens like Microsoft 365, Salesforce, and hundreds more. Our platform reduces risk, detects and responds to threats, and prevents breaches at the source. Obsidian was built by leaders who redefined endpoint and identity security at CrowdStrike, Okta, Cylance, and Carbon Black. Now, we're tackling the next frontier: securing SaaS in the era of agentic AI. As AI tools gain access to sensitive data through integrations, Obsidian uniquely detects human and non-human identity compromise and manages integration risk. Article content Article content Article content Article content Contacts Article content Media Contact Article content Article content Article content
Forbes
20-06-2025
- Business
- Forbes
It Is Time To Get SaaSsy With Cybersecurity
Corey Elinburg, Field CTO of Obsidian Security, has spent 25+ years helping industry giants from all verticals secure what matters most. Salesforce launched its SaaS platform in 1999. ServiceNow followed in 2004, Workday followed in 2006 and in 2008, Microsoft introduced the Business Productivity Online Suite, which later evolved into Office 365 and is now known as Microsoft 365—a platform many of us rely on today. Despite our accelerated adoption of and increasing reliance on SaaS, many enterprises still struggle to secure these platforms effectively. SaaS-related security incidents are on the rise, yet most organizations suffer from blind spots driven by a combination of technical, organizational and cultural challenges. Below are the most common reasons I've seen why SaaS security is often overlooked: Many organizations mistakenly believe that SaaS vendors are solely responsible for security. In reality, while vendors secure the infrastructure and core application, customers are responsible for securing how the service is used—this includes user access, data sharing, MFA enforcement and more. That responsibility can extend across hundreds or even thousands of configuration settings. Failure to understand this model often leads to neglected security tasks like access controls, audit logging or configuration hardening. Notably, the 2023 Snowflake-related breaches were attributed to customer-side misconfigurations—not vendor failures—impacting even large enterprises with mature security teams. Employees frequently adopt SaaS tools without going through IT or security, leading to 'shadow IT.' These unsanctioned tools often handle sensitive data but remain invisible to security teams. A 2025 study found that 55% of employees adopt SaaS without security's involvement, and 57% report fragmented administration—making consistent oversight a challenge for many organizations. This lack of visibility makes it difficult to enforce policies, manage risk or even know where critical data resides. As more teams adopt SaaS apps for convenience and speed, this problem continues to grow unchecked. SaaS security often gets deprioritized because security teams are stretched thin. A 2024 report from ISACA found that 61% of European security teams lack sufficient staff, and nearly half report budget constraints. With limited resources, security teams focus on more traditional and well-known threats—like malware or network attacks—while SaaS security falls by the wayside. Without dedicated SaaS tools or staff, tasks like access reviews to uncover local SaaS accounts and third-party integration audits that would be considered "standard modus operandi" for traditional IT are neglected. SaaS tools can be deployed as quickly as the swipe of a credit card. Often, IT is not the "owner" of the SaaS application. Line-of-business teams prioritize agility and productivity, not security oversight. As a result, governance processes can't corral or keep up with SaaS adoption. In fact, 65% of unsanctioned SaaS apps are adopted without IT's involvement, and 59% of IT leaders say SaaS sprawl is hard to manage. Security teams are left playing catch-up, trying to enforce controls after deployment, which is often too late. Enterprises often assume that if a SaaS vendor claims to be secure (e.g., with SOC 2 or ISO certifications), then no further action is needed. This misplaced trust creates a false sense of security. While SaaS vendors may protect infrastructure, they can't control how customers use their platforms. Misconfigured permissions, unsecured data sharing or unvetted integrations can still lead to breaches—even on compliant platforms. Many companies focus more on achieving compliance checkboxes than addressing actual risk. Regulatory frameworks like HIPAA or GDPR may mandate certain practices, but they don't cover every SaaS-specific risk. This compliance-centric mindset can lead to security complacency. Organizations may pass audits but still be vulnerable to evolving SaaS threats like OAuth abuse, insider risk or third-party API exploitation. SaaS apps rarely work alone—they connect to other tools via APIs or integrations. These third-party connections often have broad permissions and can serve as attack paths if not properly secured. A recent report found that 64% of active third-party SaaS integrations in enterprises are over-permissioned. And 68% had unknown or unmonitored third-party APIs, leaving them open to abuse or misconfiguration. SaaS security isn't neglected because organizations don't care—it's neglected because of visibility gaps, cultural misunderstandings, rapid adoption cycles and strained security resources. To close these gaps, enterprises need to: • Gain visibility into SaaS usage and integrations. • Clarify roles under the shared responsibility model. • Dedicate resources to SaaS posture management. • Adopt a risk-based approach, not just compliance. • Continuously monitor configurations, access and third-party connections. • Ensure their SOC and incident response teams are empowered with tooling to respond to SaaS-related incidents. With the right focus, SaaS security can become a strength rather than a blind spot. Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
National Post
14-05-2025
- Business
- National Post
Obsidian Security Launches Shadow SaaS, AI App Management and Threat Prevention Capabilities Built for Mid-Sized Enterprises
Article content NEWPORT BEACH, Calif. — Obsidian Security has launched a new browser extension to help businesses safely use SaaS and AI apps online. The extension automatically finds and manages shadow SaaS and AI tools, blocks advanced spear-phishing attacks targeting access tokens, and gives real-time protection right in the user's browser. It's fast, lightweight, and private by design, already used on over a million devices across two hundred large and mid-sized enterprise customers. The solution leverages Obsidian's insights from its network and threat research to keep blocking new threats as they appear. Article content Article content The browser extension is especially significant for Mid-sized enterprises as they are having to do more with limited resources. Obsidian's browser extension is easy to deploy and delivers Shadow SaaS/AI and threat prevention capabilities without resource-intensive management and configuration. Teams can eliminate web risks and unwanted costs driven by the usage of Shadow SaaS. Article content The extension automatically detects and tracks both known and previously unknown apps that are accessed on all popular workforce browsers, such as Chrome, Firefox, and even enterprise browsers like Island. Security teams gain real-time insight into unfederated authentication and the potential for SaaS data loss due to supply chain breaches. This allows businesses to safely adopt the latest technology, monitor usage to compare against IT's approved app lists, and block access to high-risk AI and SaaS apps. Article content Phishing kits are now a major threat to SaaS because attackers use AI to quickly create fake login pages that look real, down to the pixel, and trick users into giving up their access tokens. These tokens can then be reused to access SaaS applications. These attacks, known as Adversary-in-the-Middle (AitM), figured out how to bypass MFA measures and even two layers of email protection (seen across 90% of enterprise customers). Obsidian Security's solution stops SaaS token theft in real time by blocking actions on fake login pages directly in their browsers. It uses AI-powered visual and content analysis to identify and stop these threats. The system continuously adapts to prevent emerging web threats in real-time based on learnings from incident response, helping security teams stay ahead. Article content 'Obsidian recognizes that SaaS Security is a journey, and the primary needs of mid-market enterprises differ from large enterprises. With Obsidian, growing enterprises can start with a prevention-focused solution delivered as a light-weight browser extension. When ready, they will expand to cover additional use cases spanning SaaS Security Posture Management, and Identity Threat Detection and Response, all without needing a new vendor,' said Obsidian CEO, Hasan Imam. Article content Obsidian Security's Shadow SaaS, Shadow Gen AI, and Identity Threat Prevention capabilities are generally available today. The lightweight, self-updating, zero-touch and privacy-minded browser extension can be deployed across major enterprise and commercial browsers. Article content Product announcements do not represent a commitment, obligation, or promise to deliver any product, feature, or functionality, and customers should not rely on them to make purchase decisions. Article content Article content Article content Article content Article content Article content
