RSAC Blog Diary: Day 2
With the first full day of RSAC 2023 in the books, we wanted to publish a running diary of some of the key takeaways and themes that we are hearing on the show floor and at the various sessions we’re attending.
When developing applications, organizations rely heavily on the software development lifecycle (SDLC) to engrain security into the development process early and continuously. The SDLC lays out how to build security into early steps as developers are creating and testing applications. As such, organizations are able to embed security practices when it matters most.
Last week, on March 31st, NetSPI researchers announced that they had found a cross-tenant Azure vulnerability in the Microsoft Power Platform connectors infrastructure, which allowed them to access “at least 1,300 secrets/certificates in 180+ vaults”. In this article, we set out to analyze the root cause behind this vulnerability, explain its impact, and provide our own recommendations for Power Platform users and administrators.
Recent research from penetration testing company NetSPI found that Azure on-premises data gateways allow Power Platform and Power BI to access customer resources and databases. Threat researchers found that these gateways can communicate with Power Platform through an Azure service called Azure Relay (previously known as Azure Service Bus).