New SaaS Security Report Dives into the Concerns and Plans of CISOs in 2021

For yrs, stability professionals have identified the need to have to boost SaaS stability. Even so, the exponential adoption of Computer software-as-a-Service (SaaS) apps around 2020 turned sluggish-burning embers into a raging fireplace.

Corporations control anywhere from thirty-five to much more than a hundred apps. From collaboration resources like Slack and Microsoft Groups to mission-vital applications like SAP and Salesforce, SaaS purposes act as the basis of the contemporary enterprise. 2020 created an urgent will need for stability solutions that mitigate SaaS misconfiguration challenges.

Recognizing the value of SaaS protection, Gartner named a new category, SaaS Security Posture Management (SSPM), to distinguish remedies that have the capabilities to present a constant evaluation of protection dangers arising from a SaaS application’s deployment.

To comprehend how protection teams are at the moment dealing with their SaaS security posture and what their most important problems are, Adaptive Defend, a main SSPM option, commissioned an impartial survey of 300 InfoSecurity gurus from North The usa and Western Europe, in providers ranging from 500 to additional than 10,000 personnel.

The effects of the 2021 SaaS Security Survey Report existing a image of prevalent SaaS application protection issues as well as uncovers significantly less-than-finest methods businesses are turning to de facto, although hoping to manage the mind-boggling total of SaaS stability configurations.

Discover more about how to attain control of your SaaS Protection

Understanding the SaaS Stability Management Landscape

SaaS applications give effortless-to-use, scalable alternatives that present a large range of indigenous safety controls. However, eventually the configuration of all the options, user permissions, and compliance falls on the stability specialists to control.

SaaS Misconfiguration Concerns

85% of respondents in the 2021 SaaS Stability Survey Report cited SaaS misconfigurations as one particular of the leading a few hazards going through their organization. Curiously, the other protection pitfalls that topped the checklist – account hijacking and knowledge leakage – as properly as several of the other people on the list, can also stem straight from SaaS misconfigurations. For case in point, a misconfiguration in Jira led to details leakage for lots of Fortune 500 providers, such as opportunity exposure for electronic mail addresses and IDs, employee roles, existing projects and milestones, and a lot more.

SaaS Security
Determine 1 taken from the 2021 SaaS Stability Study Report

Much more Apps Suggest A lot less Checking

Though this appears counterintuitive at 1st, upon even more thought, ‘more applications means significantly less monitoring’ would make sense for the business managing the monitoring procedure manually. The respondents to the study report that as organizations continue on to onboard additional applications, the organization is fewer prosperous in checking their applications. In reality, according to the respondents, only 12% of businesses working with 50-99 purposes engage in weekly misconfiguration checks.

With every app obtaining its personal structure, configurations, person roles, and distinctive permissions, and in a dynamic environment with a continual turnover of workers, automated software program updates, and sophisticated cross-section requirements, it can make sense that organizations can eliminate handle the extra applications they onboard.

SaaS Security
Figure 2 taken from the 2021 SaaS Stability Study Report

Delegating Safety Impacts Risk

With the scope of the at any time-developing portfolio of SaaS app estate, 52% of respondents report consistently placing obligation for checking and preserving SaaS protection into the hands of the SaaS proprietor. The dependable get-togethers are generally in spots like Sales, Advertising, or Merchandise. Sadly, these stakeholders generally have minimal to no safety qualifications or abilities.

SaaS Security

SSPM Is a 2021 Leading Priority

An SSPM’s crucial capabilities enable protected cloud configuration:

  • Compliance assessment
  • Operational checking
  • Danger identification
  • Coverage enforcement
  • Menace evaluation

As CSPM and CASB equipment usually are not constructed to address the challenges of a SaaS setting, SSPM has risen to the prime of the organization agenda and is the leading decide in terms of priorities in 2021. 48% of respondents named SSPM equipment as the #1 item on their priority checklist.

SaaS Security

Security groups want comprehensive and steady visibility into their SaaS software security posture, and SSPM methods provide these functionalities.

Learn how Adaptive Shield’s SSPM Option Decreases Misconfigurations

Automating SaaS Stability with Adaptive Protect

Automating maintenance of protection options and controls can permit protection groups to just take regulate of their SaaS programs.

SaaS Security Posture Administration (SSPM), like Adaptive Defend, features a strong platform designed uniquely to help safety teams to proactively keep steady protection across their interconnected, divergent SaaS application estate.

Controlling SaaS application protection adaptively indicates entire visibility and threats across the whole SaaS application estate, from online video conferencing platforms and buyer help equipment to HR management units, dashboards and workspaces, and much additional. Adaptive Shield:

  • Leverages designed-in safety settings/controls to learn all gaps and correct them automatically proactively.
  • Constantly monitors worldwide configurations and consumer privileges to validate there are no breaches or drifts.
  • Gives a detailed financial institution of SaaS application integrations with much more SaaS applications included by the 7 days.
  • Permits swift remediation for SaaS stability difficulties from starting to finish.
  • Displays the wellbeing of the organization’s SaaS security posture in a single area for info-driven decision producing.
  • Normally takes minutes to deploy for zero organization disruption

By automating checking and enforcement with Adaptive Protect, protection groups no extended have to have to delegate obligation to app house owners, or have no visibility to the management of the security settings of the SaaS.

Get the full 2021 SaaS Stability Study Report below, or access out to a single of Adaptive Shield’s security industry experts about your individual one of a kind SaaS atmosphere.

Fibo Quantum