
7 Key Findings from the 2022 SaaS Security Survey Report

May 19, 2022

The 2022 SaaS Security Survey Report, in collaboration with CSA, examines the state of SaaS security as seen through the eyes of CISOs and security professionals in today’s enterprises. The report gathers anonymous responses from 340 CSA members to analyze not only the growing risks in SaaS security but also how different organizations are currently working to protect themselves.

Demographics

The majority (71%) of respondents were located in the Americas, another 17% in Asia, and 13% in EMEA. Of these participants, 49% influence the final decision-making process, while 39% run the process itself. The survey examined organizations from a variety of industries, such as telecommunications (25%), finance (22%), and government (9%).

While there are many takeaways from the survey, these are our top seven.


1: SaaS Misconfigurations are Leading to Security Incidents

Since 2019, SaaS misconfigurations have become a top concern for organizations, with at least 43% of organizations reporting they have dealt with one or more security incidents caused by a SaaS misconfiguration. However, since many other organizations state they are unaware of whether they had experienced a security incident, the number of SaaS misconfiguration-related incidents could be as high as 63%. These numbers are striking when compared to the 17% of security incidents caused by IaaS misconfiguration.

Figure 1. Companies experienced a security incident due to a SaaS misconfiguration


2: Lack of Visibility and Too Many Departments with Access Reported as Leading Cause for SaaS Misconfigurations

So what exactly is the cause of these SaaS misconfigurations? While there are several factors to consider, the survey respondents narrow it down to the two leading causes: having too many departments with access to SaaS security settings (35%), and a lack of visibility into the changes in the SaaS security settings (34%). These are two related problems, neither of which is surprising given that lack of visibility was rated a top concern when adopting SaaS applications, and that on average organizations have multiple departments with access to security settings. One of the leading reasons for the lack of visibility is the fact that too many departments have access to security settings, and many of these departments don't have proper training and focus on security.

Figure 2. The main causes of SaaS misconfigurations

3: Investment in Business-Critical SaaS Applications is Outpacing SaaS Security Tools and Staff

It's well known that businesses are adopting more apps: this past year alone, 81% of respondents say that they have increased their investments in business-critical SaaS applications. On the other hand, investment in security tools (73%) and staff (55%) for SaaS security is lower. This dissonance represents an increasing burden on the existing security teams to monitor SaaS security.

Figure 3. Companies’ investment in SaaS applications, security tools, and staff

4: Manual detection and remediation of SaaS misconfigurations keeps organizations exposed

46% of organizations that manually monitor their SaaS security are conducting checks only once a month or less, while 5% don’t conduct checks at all. After discovering a misconfiguration, it takes additional time for security teams to resolve it. Approximately 1 in 4 organizations take one week or longer to resolve a misconfiguration when remediating manually. This lengthy timing leaves organizations vulnerable.

Figure 4. How often companies manually check their SaaS misconfigurations

Figure 5. How long it takes companies to manually fix SaaS misconfiguration

5: Use of an SSPM reduces timeline to detect and remediate SaaS misconfigurations

The flip side of the coin for finding #4 is that the organizations that have implemented an SSPM can more quickly and accurately detect and remediate their SaaS misconfigurations. The majority of these organizations (78%) use an SSPM to check their SaaS security configurations once a week or more. When it comes to resolving the misconfiguration, 81% of organizations using an SSPM are able to resolve it within a day to a week.

Figure 6. Frequency of SaaS security configuration checks

Figure 7. Length of time to fix SaaS misconfigurations


6: 3rd party app access is a top concern

Third-party apps, also called no-code or low-code platforms, can boost productivity, enable hybrid work, and are overall essential in building and scaling a company’s work processes. However, many users quickly connect 3rd party apps without considering what permissions these apps are requesting. Once accepted, the permissions and subsequent access granted to these 3rd party apps could be harmless or as malicious as an executable file. Without visibility into the SaaS-to-SaaS supply chain that employees are connecting to their organization’s business-critical apps, security teams are blind to many potential threats. As organizations continue to adopt SaaS applications, one of their top concerns is the lack of visibility, especially that of 3rd-party application access to the core SaaS stack (56%).

Figure 8. Companies’ top concern when adopting SaaS applications

Planning Ahead and Implementing SSPM

Despite the category being introduced to the market two years ago, it is fast maturing. When assessing four cloud security solutions, SSPM receives an average rating of “somewhat familiar.” Furthermore, 62% of respondents report that they are already using an SSPM or plan to implement one in the coming 24 months.

Figure 9. Companies currently using or planning to use SSPM

Summary

The 2022 SaaS Security Survey Report offers insights into how organizations are using and protecting their SaaS applications. It is without a doubt that as companies continue to adopt more business-critical SaaS apps, there is more risk. To face this challenge head-on, companies should begin securing themselves through two best practices:

  • The first being to enable security teams to gain full visibility into all SaaS app security settings, including 3rd party app access and user permissions, which in turn allows departments to maintain their access without risk of making improper changes that leave the organization vulnerable.
  • Secondly, companies should utilize automated tools, such as SSPMs, to continuously monitor and quickly remediate SaaS security misconfigurations. These automated tools allow security teams to recognize and fix issues in near-real time, reducing the overall time the organization is left vulnerable or preventing the problem from occurring altogether.

Both of these changes provide support to their security team while not preventing departments from continuing their work.



Some parts of this article are sourced from:
thehackernews.com
