Security News
SaaS sprawl grows with the number of applications an organization uses in its SaaS stack, and as information in the different applications is distributed, it becomes less and less centralized, resulting in data sprawl. The ubiquity of SaaS applications means that they encourage shadow SaaS. Neither new nor unusual, this activity allows employees to take advantage of available SaaS solutions that meet specific needs they feel the organization is not meeting.
The 2022 SaaS Security Survey Report, in collaboration with CSA, examines the state of SaaS security as seen in the eyes of CISOs and security professionals in today's enterprises. The report gathers anonymous responses from 340 CSA members to examine not only the growing risks in SaaS security but also how different organizations are currently working to secure themselves.
Employees in the digital transformation age are now compelled to choose their best-of-breed applications, independently adopting and connecting SaaS applications, no/low code platforms like Workato and Zapier, and SaaS marketplace third-party apps in order to increase productivity, creating a convoluted web of ever-growing app-to-app integrations. These solutions provided value for their original purpose, but the SaaS-to-SaaS supply chain today thrives on application integration, non-human identities and app-to-app connectivity - leaving out the human element in order to streamline and automate work processes.
Torii announced a report revealing that 69% of tech executives believe shadow IT is a top concern related to SaaS - or cloud application - adoption. The majority of respondents have made exceptions to their SaaS security protocols, with 80% doing so because the applications were adopted outside IT's purview.
A new survey from the Cloud Security Alliance found that IT teams don't have a complete picture of SaaS in use by business units. Too many departments with access to SaaS security settings: 35%. Lack of visibility into changes in the SaaS security settings: 34%. Forty percent of respondents said that business departments, such as legal, marketing and sales, have access to security settings.
"Many recent breaches and data leaks have been tied back to misconfigurations. Whereas most research related to misconfigurations has focused strictly on the IaaS layers and entirely ignores the SaaS stack, SaaS security and misconfigurations are equally, if not more, important when it comes to an organization's overall security." "We wanted to gain a deeper understanding of the use of SaaS applications, how security assessments are conducted and the overall awareness of tools that can be used to secure SaaS applications," said Hillary Baron, lead author and research analyst, Cloud Security Alliance.
Security from Device to SaaS - securing a SaaS environment isn't enough when it comes to protecting against a breach. SSO does not go far enough, and organizations that take SaaS security seriously must also include MFA security measures.
Software-as-a-service companies saw their revenue growth slow by 46% in 2021 compared to 2020, according to a study by Paddle. In 2020, SaaS businesses' revenue grew on average by 78%, and showed no sign of slowing, and as a result, the market is now worth an estimated $145bn - up from $85bn in 2018.
Having SOC 2 compliance means you have implemented organizational controls and practices that provide assurance for the safeguarding and security of client data. After beginning our SOC 2 journey we realized that we did not have a great way to track the reasoning behind a required emergency change, and this was required for our SOC 2 audit.
In the wake of the SolarWinds and Kaseya attacks, third-party cybersecurity risks remain top of mind for security leaders. Third-party SaaS vendors have permeated every facet of our workflows and enmeshed themselves across enterprise environments.