Security News > 2022 > April > Business teams increase cybersecurity risk due to poor SaaS management
A new survey from the Cloud Security Alliance found that IT teams don't have a complete picture of SaaS in use by business units.
Too many departments with access to SaaS security settings: 35%. Lack of visibility into changes into the SaaS security settings: 34%. Forty percent of respondents said that business departments, such as legal, marketing and sales, have access to security settings.
Charlie Winchless, a senior director analyst on Gartner's Infrastructure Protection team, agrees SaaS usage is rarely centralized with a single department like IT. "This means that many organizations not only don't have tooling and staff, they are not necessarily even aware of what business-critical SaaS applications are in use," he said.
Eighty-one percent of respondents said they have seen an increase in SaaS use but only 73% have increased security tools for SaaS deployments and only 55% have increased staff for SaaS security.
"There are too many IT professionals who just wish that SaaS would go away and stop bothering them, but SaaS is here to stay," he said.
The survey found that a lack of visibility into third party application access to the core SaaS stack is the top concern when adapting SaaS applications followed by a lack of visibility into security settings.