Collateral Access: SaaS Drift, Cloud Leaks & Biometric Risks

SaaS Account Sprawl Is a Breach Waiting to Happen

Employees now create and abandon SaaS accounts without IT’s knowledge. These orphaned accounts often retain access to sensitive systems, hold stored credentials, or host overlooked files.

IT teams should enforce SSO with automated provisioning/deprovisioning and run quarterly app audits. SaaS asset management is now just as important as device security.
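A quarterly app audit of this kind comes down to reconciling each SaaS app's account export against the identity provider's directory. The sketch below is an added example, not code from the newsletter; the record layout, the sample accounts, the finding labels, and the 90-day staleness threshold are all assumptions made for illustration.

```python
from datetime import date

# Constructed sample data for illustration (not from any real system).
# IdP directory export: email -> employment status.
IDP_USERS = {
    "ana@example.com": "active",
    "raj@example.com": "active",
    "lee@example.com": "terminated",
}

# Per-app account export: (app, email, auth method, last login).
SAAS_ACCOUNTS = [
    ("crm", "ana@example.com", "sso", date(2025, 5, 28)),
    ("crm", "lee@example.com", "sso", date(2025, 1, 10)),
    ("notes", "raj@example.com", "password", date(2025, 5, 30)),
    ("notes", "raj.personal@mail.example", "password", date(2024, 11, 2)),
    ("files", "ana@example.com", "sso", date(2025, 1, 15)),
]

STALE_AFTER_DAYS = 90  # assumption: one quarter without a login counts as abandoned


def audit_accounts(accounts, idp_users, today, stale_after=STALE_AFTER_DAYS):
    """Return {(app, email): [reasons]} for accounts that need review."""
    findings = {}
    for app, email, auth, last_login in accounts:
        reasons = []
        status = idp_users.get(email.lower())
        if status is None:
            reasons.append("unknown-identity")      # created outside IT's view
        elif status != "active":
            reasons.append("owner-deprovisioned")   # leaver still has access
        if auth != "sso":
            reasons.append("local-credentials")     # survives IdP deprovisioning
        if (today - last_login).days > stale_after:
            reasons.append("stale")                 # likely abandoned
        if reasons:
            findings[(app, email)] = reasons
    return findings


if __name__ == "__main__":
    report = audit_accounts(SAAS_ACCOUNTS, IDP_USERS, date(2025, 6, 1))
    for (app, email), reasons in sorted(report.items()):
        print(f"{app:6} {email:28} {', '.join(reasons)}")
```

Accounts flagged with local-credentials are the ones SSO deprovisioning will not reach, so they need manual removal or migration to SSO.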

Biometric Data Breaches Have No Reset Button

Unlike passwords, your iris or fingerprint can't be changed. Recent breaches involving biometric access data (from airports, payment systems, and workplace scanners) underscore the stakes.

Encrypt biometric data at rest and in transit, use multi-modal authentication, and ensure vendors adhere to strict biometric storage compliance frameworks like BIPA or GDPR Article 9.

Cloud Misconfigurations Remain a Top Enterprise Risk

Cloud security failures are often not exploits—they’re exposed buckets, permissive IAM roles, or disabled logging. Attackers now scan for these vulnerabilities in real time.

Implement cloud posture management (CSPM), enforce least-privilege IAM, and integrate continuous auditing pipelines into your DevSecOps stack.

Phishing Simulations Are Getting Smarter (So Should You)

Red teams are now using ChatGPT-like tools to craft hyper-personalized phishing simulations that bypass traditional filters and spot-checks. Employees report higher click rates on AI-generated lures.

Security awareness programs must evolve—train using real simulations, adjust frequency by risk level, and gamify reporting to increase engagement.

Cross-Tenant Cloud Attacks Target SaaS Platforms

A wave of new attacks exploits flaws in multi-tenant SaaS platforms, allowing one customer to view or modify data from another. These are especially dangerous in collaborative tools and shared API environments.

Demand tenant isolation assurances from vendors, restrict integrations, and monitor inter-tenant communications for abnormal activity.

Data Broker Targeting: When Your Metadata Becomes an Attack Map

Cybercriminals now purchase aggregated personal data from brokers to plan socially engineered attacks. It’s legal, cheap, and deeply effective.

Redact sensitive employee metadata from public sources, and run OSINT audits on your executive team to map exposure before an attacker does.