As companies continue their inevitable march to the cloud, so do their vendors. With this migration, new opportunities present themselves. Sometimes this is with previously unavailable technology now within reach, or more simply, it is a chance to start fresh.
While there are many new hosted services to consider in the cloud, perhaps one of the most compelling and intriguing is deploying everything as code. IaC, PaC, serverless deployments are all becoming more popular as the realization of benefits such as high conformity, good source control options, automation, increased security, and the ability to do more with less.
However, a new use for code-based solutions is becoming more common. This is when a vendor extends their cloud DevOps workflow into another customer’s tenant. Consider the scenario where a vendor offers a full SaaS solution managed behind the scenes with code pushed from a repo to their tenant. All of the operations and workflows are in place to sustain the business model. Because everything is code based, extending this to another tenant is very simple, and it lets the customer keep data within their accounts, avoiding some of the other hosting concerns that may arise.
What is NOT obvious is that the customer is essentially allowing a SaaS solution to be created on their dime and at their risk expense. Without specific controls, there is a very significant supply chain threat introduced at the remote repo layer. If the vendor is not able to control that access properly, there is a real chance for malicious code to be pushed. Supply chain threats ( https://www.sans.org/blog/what-you-need-to-know-about-the-solarwinds-supply-chain-attack/) have been very impactful over the last few years, and this scenario promises to deliver more.
A partial mitigation might be for customers to control access to the repo (https://about.gitlab.com/releases/2023/09/18/security-release-gitlab-16-3-4-released/), but this is likely to impact the vendor automation and workflows. There are other possible solutions to reduce risk, but often at the expense of efficiency towards the solution.
As this design develops into a more common occurrence, companies need to fully understand the risks before moving forward. The shared responsibility model will look much different if they choose to head in this direction.