75 percent of SaaS applications pose a risk to enterprises
The past few years have seen massive growth in the number of SaaS applications used by enterprises, but new research from Spin AI shows that 75 percent of SaaS applications pose a high or medium risk to data stored in either Google Workspace or Microsoft 365.
On average, 35 percent of apps with OAuth permissions to Google Workspace or Microsoft 365 are classified as high risk. For large organizations (with more than 2,000 employees) 56.91 percent of apps pose a high risk.
The report notes several factors driving high application risk. These include difficulty in assessing and controlling the spread of SaaS apps, OAuth tokens that allow malicious applications to pose as legitimate, and assuming that tools like Microsoft Defender are assessing all application risk to Microsoft environments when they may be leaving gaps for risky apps to exploit.
When looking at Google Workspace environments, the report finds that over 43 percent of apps have access to read, compose, send, and permanently delete all user email from Gmail. While almost 46 percent have access to see, edit, create, and delete all user Google Drive files.
Approximately 56 percent of high-risk applications have extensive permissions, according to the report, and nearly 39 percent receive poor marketplace reviews.
The report's authors stress that, "Businesses must continuously evaluate SaaS applications and the risks they pose in the environment, as risk scores can change over time. For example, many organizations are reevaluating the use of LastPass by employees due to the recent data breach."
You can read more and get the full report on the Spin AI blog.