The 2022 SaaS Security Survey Report, in collaboration with CSA, examines the state of SaaS security as observed in the eyes of CISOs and security pros in today’s enterprises. The report gathers nameless responses from 340 CSA members to analyze not only the escalating risks in SaaS security but also how various organizations are now functioning to protected themselves.
The the greater part (71%) of respondents have been located in the Americas, a different 17% from Asia, and 13% from EMEA. Of these participants 49% affect the final decision-making procedure even though 39% run the system alone. The study examined organizations from a variety of industries, these as telecommunications (25%), finance (22%), and govt (9%).
While there are many takeaways from the study, these are our prime seven.
1: SaaS Misconfigurations are Leading to Security Incidents
Considering the fact that 2019, SaaS misconfigurations have turn out to be a major concern for companies, with at least 43% of organizations reporting they have dealt with one particular or extra security incidents brought about by a SaaS misconfiguration. Nevertheless, considering that lots of other companies state they are unaware if they had knowledgeable a security incident, the quantity of SaaS misconfigured-associated incidents could be as significant as 63%. These figures are putting when in comparison to the 17% of security incidents induced by IaaS misconfiguration.
Determine 1. Firms expert a security incident because of to a SaaS misconfiguration
Discover how to prevent misconfigurations in your SaaS stack
2: Lack of Visibility and too Numerous Departments with Entry Described as Major Trigger for SaaS Misconfigurations
So what exactly is the result in of these SaaS misconfigurations? While there are various components to look at, the study respondents slender it down to the two leading leads to – getting much too a lot of departments with obtain to SaaS security options (35%), and a absence of visibility into the modifications in the SaaS security settings (34%). These are two associated issues, neither of which are astonishing supplied that deficiency of visibility was rated a top issue when adopting SaaS programs, and that on average organizations have several departments with obtain to security settings. A single of the primary explanations for the lack of visibility is the point that too many departments have access to security configurations, and a lot of of these departments never have suitable instruction and aim on security.
Figure 2. The major results in of SaaS misconfigurations
3: Financial commitment in Enterprise-Critical SaaS Programs are Outpacing SaaS Security Equipment and Staff members
It truly is nicely-recognised that businesses are adopting more apps – this earlier calendar year by yourself, 81% of respondents say that they have enhanced their investments in business enterprise-critical SaaS applications. On the other hand, investment decision in security instruments (73%) and team (55%) for SaaS security is decrease. This dissonance represents an rising load on the existing security groups to observe SaaS security.
Determine 3. Companies’ investment decision in SaaS applications, security tools, and team
4: Manual detection and remediation of SaaS misconfigurations retains businesses uncovered
46% of organizations that manually observe their SaaS security are conducting checks only when a month or considerably less, even though 5% really don’t perform checks at all. Immediately after discovering a misconfiguration, it takes added time for security teams to solve it. About 1 in 4 organizations choose just one 7 days or for a longer period to solve a misconfiguration when remediating manually. This lengthy timing leaves organizations susceptible.
Figure 4. How normally firms to manually check out their SaaS misconfigurations
Determine 5. How long it can take organizations to manually fix SaaS misconfiguration
5: Use of an SSPM reduces timeline to detect and remediate SaaS misconfigurations
The flip aspect of the coin for discovering #4 is that the companies that have implemented an SSPM can more immediately and precisely detect and remediate their SaaS misconfigurations. The the vast majority of these corporations (78%) use an SSPM to check their SaaS security configurations once a 7 days or much more. When it arrives to resolving the misconfiguration, 81% of businesses employing an SSPM are ready to solve it within a working day to a week.
Figure 6. Frequency of SaaS security configuration checks
Determine 7. Length of time to take care of SaaS misconfigurations
Click on below to program a 15-minute demo of how Adaptive Defend SSPM can assist you
6: 3rd party app access is a best problem
Third-party apps, also identified as no-code or small-code platforms, can increase efficiency, help hybrid get the job done, and are overall necessary in making and scaling a firm’s function procedures. However, lots of users rapidly join 3rd party applications devoid of looking at what authorization these apps are requesting. As soon as recognized, the permissions and subsequent access granted to these 3rd party applications could be harmless or as destructive as an executable file. Devoid of visibility into the SaaS-to-SaaS provide chain, employees are connecting to their organization’s company-critical applications, security groups are blind to a lot of potential threats. As corporations go on to adopt SaaS programs, a single of their best fears is the absence of visibility, especially that of 3rd-party application obtain to the core SaaS stack (56%).
Figure 8. Companies’ best issue when adopting SaaS applications
Setting up In advance and Employing SSPM
Irrespective of the classification getting launched to the market place two years back, it is speedy maturing. When assessing 4 cloud security alternatives, SSPM receives an common ranking of “somewhat acquainted.” Additionally, 62% of respondents report that they are presently working with an SSPM or plan to employ just one in the coming 24 months.
Determine 9. Firms at the moment working with or preparing to use SSPM
The 2022 SaaS Security Survey Report provides insights into how businesses are applying and safeguarding their SaaS apps. It is without having a doubt that as businesses go on to adopt far more company-critical SaaS applications, there is much more risk. To face this challenge head-on organizations should get started securing them selves via two ideal practices:
- The initial becoming to permit security groups to attain total visibility into all SaaS app security settings, which include 3rd party app access and person permissions, which in turn enables departments to keep their access without the need of risk of earning incorrect modifications that depart the organization vulnerable.
- Next, corporations ought to utilize automated resources, these as SSPMs, to constantly monitor and quickly remediate SaaS security misconfigurations. These automated instruments allow security teams to acknowledge and resolve issues in in the vicinity of-authentic time, lessening the overall time the business is remaining susceptible or stopping the dilemma from taking place all collectively.
Both of those of these alterations deliver guidance to their security group while not stopping departments from continuing their operate.
Identified this posting intriguing? Comply with THN on Fb, Twitter and LinkedIn to examine extra unique content material we post.
Some areas of this report are sourced from: