70 percent of companies have dedicated SaaS security teams


Organizations have prioritized investments in SaaS security; 70 percent have created dedicated SaaS security teams despite economic uncertainty and workforce reductions.

A new report from the Cloud Security Alliance (CSA), commissioned by cloud security specialist Adaptive Shield, also shows that 39 percent of organizations are increasing their SaaS cybersecurity budgets compared to last year.

“These results come after a year in which economic uncertainty and layoffs made headlines and speak volumes about organizations’ realization that even the most secure systems are vulnerable to increasingly inventive threat actors,” said Hillary Baron, lead author and senior technical director for research. at Cloud Security Alliance.

The research shows that SaaS-specific security roles exist. 57 percent of respondents have a SaaS security team of at least two dedicated full-time employees and another 13 percent have one dedicated full-time employee assigned.

This appears to be paying off: 25 percent of respondents say they have experienced a SaaS security incident in the past two years, compared to 53 percent last year. The most common security incidents are data breaches (52 percent) and data breaches (50 percent), followed by unauthorized access (44 percent) and malicious applications (38 percent).

However, organizations still struggle with managing misconfigurations, connected apps, and understanding security risks. The most difficult areas to manage in SaaS security, according to respondents, are gaining visibility into business-critical apps (73 percent); tracking and monitoring security risks of connected third-party apps (65 percent); detecting and resolving SaaS misconfigurations (65 percent); guaranteeing data management and privacy (63 percent); and aligning SaaS application settings with compliance standards (61 percent). These challenges arise from the use of tools such as CASB and manual audits. Companies that have implemented SaaS Security Posture Management (SSPM) are more than twice as likely to have full visibility into their SaaS stack: 62 percent of these organizations can monitor more than 75 percent of their SaaS environment compared to those that use other tools and manual processes in their strategy (31 percent).

Maor Bin, CEO and co-founder of Adaptive Shield says:

To be well-equipped to tackle today’s most advanced threats, large enterprises now understand that investing in preventative methods is the right approach. Organizations have amassed a wide range of single-use tools, exposing them to new attack surfaces and forcing them to manage many different solutions.

I’m not surprised to see the big leap in SaaS maturity; this corresponds 100 percent to the exponential and fast-growing demand we identify in the market. Just as Cloud Security Posture Management (CSPM) covers every security use case across cloud infrastructures, SaaS Security Posture Management (SSPM) is all about the consolidation of SaaS security attack surfaces.

The full report is available on the CSA site.

Photo credit: Wright Studio/Shutterstock