Enterprises increase their SaaS usage but neglect security risks
A new study of SaaS usage among enterprises across the US, UK and Europe shows 74 percent report more than half of their applications are now SaaS-based, and 66 percent are spending more on SaaS applications today than a year ago.
The study by cybersecurity asset management company Axonius shows the increase in SaaS applications has resulted in more complexity and increased security risk in 66 percent of organizations, but 60 percent rank SaaS security fourth or lower on their list of current security priorities, and only 34 percent say they're worried about the costs associated with rising SaaS-based app usage.
"The biggest concern with SaaS adoption right now is that most organizations are underestimating the number of SaaS applications that exist within their environment," says Dean Sysman, CEO and co-founder of Axonius. "SaaS offers numerous benefits, including more flexibility, accessibility, productivity gains, and more -- anyone can register for a SaaS app and connect it to work data. But that also presents enormous risk. IT and security teams already struggle to identify the assets that exist within their organizations. SaaS apps further complicate their ability to gain visibility into data and interconnectivity, manage configurations, and close security gaps, as well as track licensing, usage, and spend."
When asked why security isn't more of a concern, organizations point to limited time and resources (28 percent), pressure to focus on other issues from the C-Suite (23 percent), and staffing shortages (15 percent).
This despite the fact that the effects of insecure SaaS environments are already being seen, in March, identity and access management industry leader, Okta, announced that its platform has been the victim of a targeted security attack. In April, GitHub Security announced an investigation into abused stolen OAuth user tokens issued to two third-party OAuth integrators.
"The appetite for SaaS will only continue to grow, further exacerbating data sprawl and security implications," says Jerich Beason, Commercial Bank CISO and Axonius advisor. "These risks are no longer hypothetical, and without full visibility into the SaaS application landscape, organizations will continue to find themselves vulnerable to data loss from shadow SaaS, non-compliance with federal and industry regulators, and financial strain from lack of insight into organizational spend. Businesses can no longer wait to rein in SaaS complexity."
You can find out more on the Axonius blog.