Organizations have prioritized investment in SaaS security, with 70 percent establishing dedicated SaaS security teams, despite economic uncertainty and workforce reductions.
A new report from the Cloud Security Alliance (CSA), commissioned by cloud security specialist Adaptive Shield, also finds 39 percent of organizations are increasing their SaaS cybersecurity budgets compared to last year.
“Coming off a year in which economic uncertainty and layoffs were making headlines, these results speak volumes to organizations’ realization that even the most secure systems are vulnerable to increasingly inventive threat actors,” says Hillary Baron, lead author and senior technical director for research at Cloud Security Alliance.
The survey identified the existence of SaaS-specific security roles, 57 percent of respondents have a SaaS security team of at least two dedicated full-time employees and another 13 percent have allocated one dedicated full-time employee.
This does seem to be paying off, 25 percent of respondents say they experienced a SaaS security incident in the past two years, compared with 53 percent last year. The most common security incidents reported are data breaches (52 percent) and data leakage (50 percent), followed by unauthorized access (44 percent) and malicious applications (38 percent).
However, organizations are still struggling to manage misconfigurations, connected apps, and visibility into security risks. The most difficult areas to manage in SaaS security, according to respondents, are achieving visibility into business-critical apps (73 percent); tracking and monitoring security risks from third-party connected apps (65 percent); locating and fixing SaaS misconfigurations (65 percent); ensuring data governance and privacy (63 percent); and aligning SaaS application settings with compliance standards (61 percent). These challenges stem from using tools such as CASB and Manual Audits. Companies who have adopted SaaS Security Posture Management (SSPM) are more than twice as likely to have full visibility into their SaaS stack — 62 percent of these organizations are able to oversee over 75 percent of their SaaS environment compared to those who utilize other tools and manual processes in their strategy (31 percent).
Maor Bin, CEO and co-founder of Adaptive Shield says:
To be well-equipped to tackle today’s most sophisticated threats, large enterprises now understand that investments in preventative methods are the right approach. Organizations have accumulated a wide range of tools that cover single use cases, leaving them exposed from new attack surfaces, and forcing them to manage many different solutions.
I am not surprised to see the major leap in SaaS maturity, this is 100 percent aligned with the exponential and rapidly growing demand we identify in the market. Just like Cloud Security Posture Management (CSPM) covers any security use case in Cloud Infrastructures, SaaS Security Posture Management (SSPM) is all about consolidation of SaaS security attack surfaces.
The full report is available from the CSA site.
Photo Credit: Wright Studio/Shutterstock
