2024 Plans and Priorities for SaaS Security


June 05, 2023Hacker NewsSaaS Security / Cyber ​​Threats

SaaS security

Over 55% of security executives report that they have experienced a SaaS security incident in the last two years — from data leaks and data breaches to SaaS ransomware and malicious apps (as seen in figures 1 and 2).

SaaS security
Figure 1. How many organizations have experienced SaaS security incidents in the last two years

That SaaS Security Survey Report: Plans and Priorities for 2024, developed by CSA in conjunction with Adaptive Shield, dives into these SaaS security incidents and more. This report shares the perspectives of more than 1,000 CISOs and other security professionals and highlights SaaS risks, existing threats, and how organizations can prepare for 2024.

Click here to download the full report.

SaaS Security Incidents Are On The Rise

Anecdotally, it’s clear that SaaS security incidents have increased over the past year. More headlines and stories covering SaaS breaches and data leaks than ever before. However, this report provides stunning context to those headlines.

As seen in figure 1, 55% of organizations experienced a SaaS incident in the last 24 months. These incidents include data leaks (58%), malicious third-party applications (47%), data breaches (41%), and SaaS Ransomware (40%), as seen in figure 2.

SaaS security
Figure 2. Types of security incidents experienced by organizations

The Current SaaS Strategy Is Not Enough

One of the reasons for the rise in security incidents is that current solutions are not widely used. 7% of respondents claim to have monitored 100% of their SaaS stack with 68% reporting that they monitor less than half of their SaaS stack.

Current SaaS security practices, such as Cloud Access Security Brokers (CASB) and manual auditing, are not sufficient to cover a SaaS stack. Unfortunately, these solutions are unable to meet the increasing usage and demands of modern SaaS stacks. Enterprises currently have to secure hundreds of thousands of configurations and oversee thousands of user accounts while checking thousands of connected third-party applications, which is beyond the capabilities of CASB and taxing the resources of any manual effort.

SaaS security
Figure 3. Percentage of SaaS applications that are fully covered and monitored by CASB or manual audits

Widespread Application Ownership

In response to increasing incidents of SaaS, organizations report that they are now prioritizing SaaS Security. Surveys show that more executive level leaders are involved in securing their SaaS stacks and CISOs and security managers appear to be moving from a controller role to a governor role in securing their SaaS stack.

There are layers of responsibility involved in securing each application because often the ownership of the application resides in different business departments throughout the organization, where the security team is most responsible.

SaaS security
Figure 4: The increasing number of roles involved in SaaS security makes it harder to know who is in charge

SaaS Security Plan for 2024

The report also highlights how organizations create policies and processes to address key SaaS security issues. While many have a way to go, they are building a solid foundation for this domain:

  • SaaS configuration error
  • Third party connected apps
  • User device accessing the SaaS application
  • Identity and access governance
  • Threat detection
  • Data loss management

Companies Increase Investment in SaaS and SaaS Security

In addition to improving their policies and adding executive stakeholders, it’s no surprise that organizations are also increasing their SaaS spending. Over the past year, 71% of organizations have increased their investment in SaaS security tools, while 63% have hired more personnel or increased training for SaaS security.

SaaS security
(Left) Figure 5. Changes in organizational investment over the past year | (Right) Figure 6. How many organizations are currently using or planning to use the SSPM platform

One of the main investment areas is SaaS security. A year ago, in the 2022 SaaS Security Report, 17% of respondents reported having a SaaS Security Posture Management (SSPM) tool. That number has nearly tripled since then, growing to 44%, with an additional 36% intending to add SSPM to their SaaS security stack in the next 18 months. This brings the total of security executives who are already using SSPM or planning to upgrade to 80%.

Among the reasons for this sudden increase are the reported need to mitigate SaaS threats (31%), improve their company’s SaaS posture (29%), and save time in managing and maintaining their SaaS stack (23%).

SaaS security
Figure 7. The top expected benefits of the SSPM solution

Pictures of Challenges and Hopes

Ultimately, the SaaS Security Survey Report: 2024 Plans and Priorities Report reflects and measures the many changes that have impacted the industry over the past year. Threat actors are seduced by the seemingly low-value, high-value fruit of the SaaS ecosystem. SaaS cybersecurity incidents are up 12% over a year ago, and the types of attacks — breaches, data loss, and ransomware — are significant.

However, organizations face challenges maintaining their SaaS stacks. Whether they were initially attracted to SaaS applications for the cost savings, ease of access, or collaborative nature of the tool, they now recognize the need to secure their assets and the data contained within them.

It’s not surprising that they turned to the SSPM marketplace. By helping organizations identify and secure misconfigurations, protect against disruptive third-party application scopes, manage users and devices, and detect threats from across the SaaS stack, SSPM offers hope that sensitive and business-critical data stored in the SaaS stack can be guaranteed to be tight.

Learn how SSPM can help you secure your entire SaaS stack.

Found this article interesting? Follow us on Twitter And LinkedIn to read more exclusive content we post.


Source link

Related Articles

Back to top button