Suridata, a leader in SaaS security solutions, is proud to announce the release of its latest trend report. This report provides an in-depth analysis of the current state of SaaS security based on a survey of IT and security professionals, coupled with data from the Suridata platform.
Also Read:Â The Dynamic Duo: How CMOs and CIOs Are Shaping the Future of Business
Key Findings:
1.  Shadow SaaS: Unmanaged SaaS applications remain a critical blind spot, especially in mid-market companies, where 54% of SaaS applications are unknown or unmanaged.
2.  Widespread SaaS Security Risks: The report reveals that a staggering 88% of organizations have experienced a SaaS breach, despite 41% of respondents rating their SaaS security as “Good” or “Excellent.”
3.  Configuration Issues: Misconfigurations in identity and access control, data and sharing permissions, session management, and password security are prevalent, posing substantial risks.
4.  Inefficient Monitoring: Monitoring of third-party, machine-to-machine SaaS integrations is inadequate, with many organizations relying on periodic manual reviews or “need to” basis assessments.
5.  Mixed Efficacy of Countermeasures: Existing security measures, particularly those addressing third-party integration and machine-to-machine risks, are found to be deficient.
6.  Variations by Organization Size: Mid-market firms (1,000-5,000 employees) face more SaaS security challenges compared to larger enterprises, including higher incidences of Shadow SaaS and unauthorized use of Generative AI tools.
7.  Data Leakage Concerns: Data leakage or loss was cited as the most significant security challenge by 28% of respondents.
Also Read:Â Top Misconceptions Around Data Operations and Breaking Down the Role of a VP of Data Ops
Executive Summary:
The report emphasizes that SaaS security requires distinct approaches compared to traditional on-premises software. SaaS environments are prone to misconfigurations, unsecure third-party connections, and identity and access management issues. The findings highlight the need for improved security practices and more robust configuration management to safeguard against these risks.
Research Insights:
- Responsibility for SaaS Security: 49% of respondents indicated that the IT department is responsible for SaaS security, followed by the InfoSec department at 36%.
- Perception vs. Reality: Despite high self-perceived ratings of SaaS security, the report shows a disconnect with actual breach experiences.
- Security Measures: IdP/SSO and MFA are the leading security measures, yet 16% of employees still operate without SSO enforcement.
- Generative AI Usage: The use of Generative AI tools without authorization is highest among mid-market companies.
[To share your insights with us as part of editorial or sponsored content, please write to psen@itechseries.com]
