Over 55% of safety executives report that they’ve skilled a SaaS safety incident up to now two years — starting from information leaks and information breaches to SaaS ransomware and malicious apps (as seen in figures 1 and a pair of).
 |
| Determine 1. What number of organizations have skilled a SaaS safety incident inside the previous two years |
The SaaS Safety Survey Report: Plans and Priorities for 2024, developed by CSA along side Adaptive Defend, dives into these SaaS safety incidents and extra. This report shares the attitude of over 1,000 CISOs and different safety professionals and shines a lightweight on SaaS dangers, current threats, and the way in which organizations are getting ready for 2024.
Click on right here to obtain the total report.
SaaS Safety Incidents Are on the Rise
Anecdotally, it was clear that SaaS safety incidents elevated during the last 12 months. Extra headlines and tales coated SaaS breaches and information leaks than ever earlier than. Nonetheless, this report gives a shocking context to these headlines.
As seen in determine 1, an astounding 55% of organizations had a SaaS incident inside the previous 24 months. These incidents included information leaks (58%), malicious third-party functions (47%), information breaches (41%), and SaaS ransomware (40%), as seen in determine 2.
 |
| Determine 2. The kinds of safety incidents organizations have skilled |
Present SaaS Methods Aren’t Going Far Sufficient
One motive for the rise in safety incidents is that present options aren’t being deployed broadly sufficient. 7% of respondents claimed to have 100% of their SaaS stack monitored with 68% reporting that they had been monitoring lower than half their SaaS stack.
The present SaaS safety practices, like Cloud Entry Safety Brokers (CASB) and guide audits, should not sufficient to cowl the SaaS stack. Sadly, these options are unable to fulfill the rising use and calls for of the fashionable SaaS stack. Firms right this moment must safe a whole bunch of hundreds of configurations and oversee hundreds of consumer accounts whereas vetting hundreds of third-party related functions, that are past the capabilities of CASBs and overwhelm the assets of any guide effort.
 |
| Determine 3. Proportion of the SaaS apps being absolutely coated and monitored by CASB or guide audits |
App Possession is Widespread
In response to rising SaaS incidents, organizations report that they’re now prioritizing SaaS Safety. The survey reveals that extra executive-level leaders are concerned in securing their SaaS stack and CISOs and safety managers are seemingly transitioning from the position of controllers to that of governors in securing the SaaS stack.
There are layers of accountability concerned in securing every app as oftentimes the possession of the app sits in several enterprise departments all through the group, whereas it is the safety workforce that’s the one in the end accountable.
 |
| Determine 4: Extra roles concerned in SaaS safety make it tough to know who’s accountable |
SaaS Safety Plans for 2024
The report additionally shines a lightweight on how organizations are creating insurance policies and processes to cope with key SaaS safety points. Whereas many have a option to go, they’re constructing a powerful basis for these domains:
- SaaS misconfigurations
- Third-party related apps
- Consumer gadgets which might be accessing SaaS apps
- Identification and entry governance
- Menace detection
- Information loss administration
Firms Are Growing Funding in SaaS and SaaS Safety
Along with enhancing their insurance policies and including government stakeholders, it is not stunning that organizations have elevated their SaaS spending as nicely. Over the past 12 months, 71% of organizations have elevated their funding in SaaS safety instruments, whereas 63% have both employed extra personnel or elevated coaching for SaaS safety.
 |
| (Left) Group’s change in investments over the previous 12 months | (Proper) Determine 6. What number of organizations are at the moment utilizing or plan to make use of an SSPM platform |
One key space of funding has been SaaS safety. A 12 months in the past, within the 2022 State of SaaS Safety Report, 17% of respondents report having a SaaS Safety Posture Administration (SSPM) instrument in place. That quantity has practically tripled since, rising to 44%, with an extra 36% intending so as to add an SSPM to their SaaS safety stack inside the subsequent 18 months. This brings the entire of safety executives already utilizing SSPMs or planning to convey them on to 80%.
Among the many causes for this sudden improve is the reported must mitigate SaaS threats (31%), enhance their firm’s SaaS posture (29%), and save time within the administration and upkeep of their SaaS stack (23%).
 |
| Determine 7. Prime anticipated advantages from an SSPM answer |
A Image of Challenges and Hope
Finally, the SaaS Safety Survey Report: 2024 Plans and Priorities report displays and quantifies lots of the modifications affecting this business over the previous 12 months. Menace actors are tempted by the seemingly low-hanging, high-value fruit inside the SaaS ecosystem. SaaS safety cybersecurity incidents are up by 12% over one 12 months in the past, and the kinds of assaults — breaches, information loss, and ransomware — are vital.
Nonetheless, organizations are rising to the problem of defending their SaaS stack. Whether or not they had been initially drawn to SaaS functions for the fee financial savings, ease of entry, or collaborative nature of the instrument, they now acknowledge the necessity to safe their belongings and the info contained inside.
It isn’t stunning that they’ve turned to the SSPM market. By serving to organizations determine and safe misconfigurations, defend themselves from intrusive third-party app scopes, handle customers and gadgets, and detect threats from throughout the SaaS stack, SSPMs supply hope that the delicate and business-critical information saved inside the SaaS stack will be tightly secured.
Find out how an SSPM may help you safe your whole SaaS stack.