Security News > 2022 > April > The perils of SaaS misconfigurations
"Many recent breaches and data leaks have been tied back to misconfigurations. Whereas most research related to misconfigurations has focused strictly on the IaaS layers and entirely ignores the SaaS stack, SaaS security and misconfigurations are equally, if not more, important when it comes to an organization's overall security."
"We wanted to gain a deeper understanding of the use of SaaS applications, how security assessments are conducted and the overall awareness of tools that can be used to secure SaaS applications," said Hillary Baron, lead author and research analyst, Cloud Security Alliance.
The leading causes of SaaS misconfigurations are lack of visibility into changes into the SaaS security settings and too many departments with access to SaaS security settings.
Investment in business-critical SaaS applications is outpacing SaaS security tools and staff.
Over the past year, 81 percent of organizations have increased their investment in business-critical SaaS applications, but fewer organizations reported increasing their investment in security tools and staff for SaaS security.
Organizations that use an SSPM can detect and remediate their SaaS misconfigurations significantly quicker - 78 percent checked their SaaS security configurations weekly or more, compared to those not utilizing an SSPM, where only 45 percent were able to check at least weekly.
News URL
https://www.helpnetsecurity.com/2022/04/14/saas-security-misconfigurations/