Security News
A new survey from the Cloud Security Alliance found that IT teams don't have a complete picture of SaaS in use by business units. Too many departments with access to SaaS security settings: 35%. Lack of visibility into changes into the SaaS security settings: 34%. Forty percent of respondents said that business departments, such as legal, marketing and sales, have access to security settings.
"Many recent breaches and data leaks have been tied back to misconfigurations. Whereas most research related to misconfigurations has focused strictly on the IaaS layers and entirely ignores the SaaS stack, SaaS security and misconfigurations are equally, if not more, important when it comes to an organization's overall security." "We wanted to gain a deeper understanding of the use of SaaS applications, how security assessments are conducted and the overall awareness of tools that can be used to secure SaaS applications," said Hillary Baron, lead author and research analyst, Cloud Security Alliance.
Security from Device to SaaS - securing a SaaS environment isn't enough when it comes to protecting against a breach. SSO does not go far enough, and organizations that take SaaS security seriously must also include MFA security measures.
Software-as-a-service companies saw their revenue growth slow by 46% in 2021 compared to 2020, according to a study by Paddle. In 2020, SaaS businesses' revenue grew on average by 78%, and showed no sign of slowing, and as a result, the market is now worth an estimated $145bn - up from $85bn in 2018.
Having SOC 2 compliance means you have implemented organizational controls and practices that provide assurance for the safeguarding and security of client data. After beginning our SOC 2 journey we realized that we did not have a great way to track the reasoning behind a required emergency change, and this was required for our SOC 2 audit.
In the wake of the SolarWinds and Kaseya attacks, third-party cybersecurity risks remain top of mind for security leaders. Third-party SaaS vendors have permeated every facet of our workflows and enmeshed itself across enterprise environments.
As part of a SOC2 audit, it is necessary to conduct security checks across the company's SaaS stack that will look for misconfigured settings such as detection and monitoring to ensure continued effectiveness of information security controls and prevent unauthorized/ inappropriate access to physical and digital assets and locations. If you're beginning or on a SOC2 audit journey, then an SSPM solution can streamline the process and shorten the time it takes to pass a SOC2 audit successfully, fully covering your SaaS Security posture.
Not to mention the fact that often the SaaS app owner sits outside of the security team in the department that most uses the app, and they are untrained and not focused on the security upkeep of the app. It all amounts to just how unrealistic it is to expect security teams to be able to stay in control of the organization's SaaS stack.
Not to mention the fact that often the SaaS app owner sits outside of the security team in the department that most uses the app, and they are untrained and not focused on the security upkeep of the app. That's why Gartner named SaaS Security Posture Management as a MUST HAVE solution to continuously assess security risks and manage the SaaS applications' security posture in the "4 Must-Have Technologies That Made the Gartner Hype Cycle for Cloud Security, 2021".
The framework enables organizations to improve the security and resilience of critical infrastructure with a well-planned and easy-to-use framework. Although the CSF was written and updated while SaaS was on the rise, it is still geared towards the classic legacy critical infrastructure security challenges.