Security News

Over 55% of security executives report that they have experienced a SaaS security incident in the past two years - ranging from data leaks and data breaches to SaaS ransomware and malicious apps. The SaaS Security Survey Report: Plans and Priorities for 2024, developed by CSA in conjunction with Adaptive Shield, dives into these SaaS security incidents and more.

Tech companies must take SaaS security seriously to prevent resources from leaking or being stolen. A strong SaaS posture is important for any company, but it is particularly important for organizations that store their proprietary code in SaaS applications.

These changes, coupled with the need for stronger collaboration with third-party vendors, have led them to SaaS applications to handle their CRM. Today, telecoms are using SaaS apps for billing, HR, call management, field operations management, tracking call center effectiveness, and hundreds of other applications. The advertisers are given access to the telecom's SaaS apps, where they can mine for data and develop powerful marketing and advertising campaigns.

The browser is also exposed to multiple types of cyber threats and operational risks. LayerX, Browser Security platform provider, has polled more than 150 CISOs across multiple verticals and geolocations.

Critical gaps in existing solutions' capabilities, security architecture that doesn't recognize the browser as a prominent, standalone attack surface, and low resilience to web-borne threats are among the findings of a global survey by LayerX. 150 CISOs across multiple geographies and verticals were polled about their security practices across various disciplines that ultimately come down to securing users, data, and applications within the browser: secure SaaS access, SaaS security and data protection, BYOD, phishing protection, and browser security posture. Respondents' answers were classified according to their architecture: all-SaaS, hybrid, and mostly on-prem, showing how the relative importance of the browser increases concerning the level of the organization's SaaS adoption.

According to this review, 84% of the companies had employees using an average of 3.5 SaaS applications that were breached in the previous 3 months. The exponential growth in SaaS usage has security and IT teams struggling to keep up with which SaaS applications are being used and how.

According to Statista, the average organization employs 100+ SaaS apps, many of which are unsanctioned by IT, creating a glaring gap in SaaS security. Rather than approaching Security or IT to understand policies for onboarding new SaaS solutions - and facing the likelihood of red tape, delays, or denial for their requests - they break out the credit card or opt for a 30-day free trial of the SaaS apps.

There are essentially two ways to share files and documents out of a SaaS application, although the terminology used by M365, Salesforce, Google Workspace, and Box is slightly different. Sharing a file with anyone who has the link is much less cumbersome.

While SSO is an important step in securing SaaS apps and their data, having just SSOs in place to secure the SaaS stack in its entirety is not enough. SSO alone won't prevent a threat actor from accessing a SaaS app.

Employees don't realize that this SaaS-to-SaaS connectivity, which typically takes place outside the view of the security team, significantly increases risk. To handle the SaaS Security challenges, security teams need to address the entire SaaS ecosystem.