58% of organizations experienced a SaaS security incident in the past year, new report says
A new report from Valence Security has revealed that 58% of organizations experienced at least one SaaS security incident in the last year. The report acknowledged the transformative power of SaaS applications but said their adoption had resulted in significant security challenges.
Key security challenges identified
One of the major challenges identified is the distributed management of SaaS applications, which often reside outside the direct control of IT and security teams (Shadow IT). According to Valence Security, 50% of security executives view this lack of centralized oversight as a major obstacle.
Additionally, 43% of respondents cited the complexity of SaaS configurations as a primary issue, with each application having its own unique security settings and permissions.
Valence’s report also notes that traditional security tools like Cloud Access Security Brokers (CASBs) fall short in addressing modern SaaS security risks. While CASBs are widely used for user access control, they lack visibility into application-specific settings, creating blind spots that are increasingly exploited by attackers.
In response, many organizations are turning to SaaS Security Posture Management (SSPM) solutions, which provide more granular visibility into SaaS configurations and security settings.
The Impact of Generative AI on SaaS Security
The adoption of Generative AI (GenAI) tools within SaaS platforms has added another layer of complexity. Half of the surveyed security leaders identified GenAI governance as a top security challenge.
Many of these tools require access to sensitive data, increasing the potential for unauthorized data access. The report warns that without careful monitoring and governance, GenAI tools could inadvertently expose sensitive information, posing additional risks.
Recommendations for Enhanced SaaS Security
To combat these challenges, Valence recommends adopting a proactive approach to SaaS security with continuous monitoring, automated access controls, and stringent lifecycle management for third-party integrations.
The report stresses the importance of managing both human and non-human identities, as compromised service accounts and API keys have been implicated in numerous high-profile breaches. Valence also advises implementing a robust offboarding process to mitigate the risks associated with unused accounts and integrations.
Conclusion
With SaaS applications serving as the backbone of modern businesses, the risks associated with these platforms cannot be ignored. The 2024 State of SaaS Security Report serves as a wake-up call for organizations to prioritize SaaS security and adopt more comprehensive and proactive protection measures.