SaaS security needs a more unified approach

New research commissioned by Valence Security from the Cloud Security Alliance looks at the current state of SaaS security to uncover key challenges and explore how organizations are securing and managing their SaaS environments.

It finds SaaS security is a top priority for 86 percent of organizations, with 76 percent of respondents saying they are increasing their budgets this year.

"SaaS has become a core part of modern business operations, but securing it remains a moving target. Despite growing investment in and prioritization of SaaS security, there remains an overconfidence in current Saas security strategies. The reality is that distributed adoption, inconsistent tools, and fragmented processes leave critical gaps in visibility, identity management, and third-party access," says Hillary Baron, lead author and AVP for research at the Cloud Security Alliance.

Despite organizations committing more resources to SaaS security, data oversharing (63 percent) and poor access control (56 percent) continue to expose them to risk, suggesting that many are still unable to establish the fundamental protections needed to secure sensitive data across their environments.

Although 79 percent of organizations express confidence in their programs, this high confidence level may be masking critical capability gaps with 55 percent of respondents saying that employees are adopting SaaS tools without security's involvement and 57 percent reporting they are grappling with fragmented SaaS security administration.

Access management remains a challenge too, 58 percent of respondents say enforcing proper privilege levels is difficult, and 54 percent lack automation for lifecycle management -- gaps which directly contribute to breaches, complicate incident response, and leave organizations exposed. SaaS-to-SaaS integrations and GenAI tools are expanding the attack surface, leaving nearly half of organizations (46 percent) struggling to monitor non-human identities (NHIs) and 56 percent concerned with over-privileged API access.

"The report's findings reveal a clear shift: SaaS security is no longer an afterthought. Organizations are not just recognizing its importance -- they're taking action to improve shadow SaaS discovery, posture management, and threat detection. As SaaS adoption accelerates, it's critical to ensure security strategies evolve in step with increasingly complex and interconnected SaaS ecosystems," says Yoni Shohet, CEO and co-founder of Valence Security.

You can get the full report on the Valence site.

Image credit: Tongsupatman/Dreamstime.com