The 2022 SaaS Security Survey Report, in collaboration with CSA, examines the state of SaaS security as seen through the eyes of CISOs and security professionals in today's enterprises. The report gathers anonymous responses from 340 CSA participants to examine not only the growing risks in SaaS security but also how different organizations are currently working to secure themselves.
The majority (71%) of respondents were located in the Americas, another 17% in Asia, and 13% in EMEA. Of these respondents, 49% influence the decision-making process while 39% run the process itself. The survey examined organizations from a variety of industries, such as telecommunications (25%), finance (22%), and government (9%).
While there are many takeaways from the survey, these are our top 7.
1: SaaS Misconfigurations are Causing Security Incidents
Since 2019, SaaS misconfigurations have become a top concern for organizations, with at least 43% of organizations reporting they have dealt with one or more security incidents caused by a SaaS misconfiguration. However, because many other organizations state they are unaware whether they had experienced a security incident, the share of SaaS misconfiguration-related incidents could be as high as 63%. These numbers stand out when compared to the 17% of security incidents caused by IaaS misconfiguration.
Figure 1. Companies that experienced a security incident due to a SaaS misconfiguration
2: Lack of Visibility and Too Many Departments with Access Reported as Leading Cause of SaaS Misconfigurations
So what exactly is the cause of these SaaS misconfigurations? While there are several factors to consider, the survey respondents narrow it down to the two leading causes: having too many departments with access to SaaS security settings (35%), and a lack of visibility into changes in the SaaS security settings (34%). These are two related issues, neither of which is surprising given that lack of visibility was rated a top concern when adopting SaaS applications, and that organizations on average have multiple departments with access to security settings. One of the leading reasons for the lack of visibility is the fact that too many departments have access to security settings, and many of these departments don't have proper training or a focus on security.
Figure 2. The main causes of SaaS misconfigurations
3: Investment in Business-Critical SaaS Applications is Outpacing SaaS Security Tools and Staff
It's well known that businesses are adopting more applications: this past year alone, 81% of respondents say that they have increased their investments in business-critical SaaS applications. On the other hand, investment in security tools (73%) and staff (55%) for SaaS security is lower. This dissonance represents an increasing burden on the existing security teams to monitor SaaS security.
Figure 3. Companies' investment in SaaS applications, security tools, and staff
4: Manual detection and remediation of SaaS misconfigurations keeps organizations exposed
46% of organizations that manually monitor their SaaS security are conducting checks only once a month or less, while 5% don't conduct checks at all. After discovering a misconfiguration, it takes additional time for security teams to resolve it. Approximately 1 in 4 organizations take one week or longer to resolve a misconfiguration when remediating manually. This lengthy timing leaves organizations vulnerable.
Figure 4. How often companies manually check their SaaS misconfigurations
Figure 5. How long it takes companies to manually fix a SaaS misconfiguration
5: Use of an SSPM reduces the timeline to detect and remediate SaaS misconfigurations
The flip side of the coin for finding #4 is that organizations that have implemented an SSPM can more quickly and accurately detect and remediate their SaaS misconfigurations. The majority of these organizations (78%) use an SSPM to check their SaaS security configurations once a week or more. When it comes to resolving the misconfiguration, 81% of organizations using an SSPM are able to resolve it within a day to a week.
Figure 6. Frequency of SaaS security configuration checks
Figure 7. Length of time to fix SaaS misconfigurations
6: Third-party app access is a top concern
Third-party apps, also called no-code or low-code platforms, can boost productivity, enable hybrid work, and are overall essential in building and scaling a company's work processes. However, many users quickly connect third-party apps without considering what permissions these apps are requesting. Once accepted, the permissions and subsequent access granted to these third-party apps can be harmless or as malicious as an executable file. Without visibility into the SaaS-to-SaaS supply chain, where employees are connecting apps to their organization's business-critical applications, security teams are blind to many potential threats. As organizations continue to adopt SaaS applications, one of their top concerns is the lack of visibility, especially that of third-party app access to the core SaaS stack (56%).
Figure 8. Companies' top concern when adopting SaaS applications
Planning Ahead and Implementing SSPM
Despite the category being introduced to the market two years ago, it is fast maturing. When assessing four cloud security solutions, SSPM receives an average rating of "somewhat familiar." Furthermore, 62% of respondents report that they are already using an SSPM or plan to implement one in the coming 24 months.
Figure 9. Companies currently using or planning to use SSPM
The 2022 SaaS Security Survey Report offers insights into how organizations are using and protecting their SaaS applications. There is no doubt that as companies continue to adopt more business-critical SaaS applications, there is more risk. To face this challenge head-on, companies should begin securing themselves through two best practices:
- The first is to enable security teams to gain full visibility into all SaaS app security settings, including third-party app access and user permissions, which in turn allows departments to keep their access without the risk of making improper changes that leave the organization vulnerable.
- Secondly, companies should use automated tools, such as SSPMs, to continuously monitor and quickly remediate SaaS security misconfigurations. These automated tools allow security teams to detect and fix issues in near-real time, reducing the overall time the organization is left vulnerable or preventing the problem from occurring altogether.
Both of these changes provide support to the security team while not preventing departments from continuing their work.