The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today released the findings of its latest survey, 2022 SaaS Security Survey Report. Commissioned by Adaptive Shield, a leading SaaS Security Posture Management (SSPM) company, the survey offers insight into the industry’s knowledge, attitudes, and opinions regarding SaaS security and related misconfigurations.
Top iTechnology Digital Trasformation News: Chronic Data Readiness Issues Impeding Digital Transformation in Healthcare
“Many recent breaches and data leaks have been tied back to misconfigurations. Whereas most research related to misconfigurations has focused strictly on the IaaS layers and entirely ignores the SaaS stack, SaaS security and misconfigurations are equally, if not more, important when it comes to an organization’s overall security. We wanted to gain a deeper understanding of the use of SaaS applications, how security assessments are conducted and the overall awareness of tools that can be used to secure SaaS applications,” said Hillary Baron, lead author and research analyst, Cloud Security Alliance.
“This survey shines a light on what CISOs and cybersecurity managers are looking for and need when it comes to securing their SaaS stack — from visibility, continuous monitoring and remediation to other ever-growing, critical use cases such as 3rd party application control and device posture monitoring,” asserted Maor Bin, CEO and co-founder of Adaptive Shield. “The SSPM market is maturing rapidly — and this type of zero-trust approach for SaaS is where the SSPM market is going.”
Top iTechnology Cloud News: Inseego Appoints Chuck Becher as SVP and GM of Carrier Solutions
Among the survey’s key findings:
- SaaS misconfigurations are leading to security incidents. At least 43 percent of organizations report that they have dealt with one or more security incidents because of a SaaS misconfiguration.
- The leading causes of SaaS misconfigurations are lack of visibility into changes into the SaaS security settings (34%) and too many departments with access to SaaS security settings (35%).
- Investment in business-critical SaaS applications is outpacing SaaS security tools and staff. Over the past year, 81 percent of organizations have increased their investment in business-critical SaaS applications, but fewer organizations reported increasing their investment in security tools (73%) and staff (55%) for SaaS security.
- Manually detecting and remediating SaaS misconfigurations is leaving organizations exposed. Nearly half (46%) can only check monthly or less frequently, and another 5 percent don’t check at all, meaning that misconfigurations could go undetected for a month or longer.
- The use of an SSPM reduces the timeline to detect and remediate SaaS misconfigurations. Organizations that use an SSPM can detect and remediate their SaaS misconfigurations significantly quicker — 78 percent checked their SaaS security configurations weekly or more, compared to those not utilizing an SSPM, where only 45 percent were able to check at least weekly.
The survey, which was conducted with Adaptive Shield, gathered 340 responses from IT and security professionals from various organization sizes, industries, locations, and roles. Sponsors are CSA Corporate Members who support the research project’s findings but have no added influence on the content development or editing rights of CSA research.
Top iTechnology IT And DevOps News: Asia Pacific’s IT, Business Services Market Up in Q1, But Growth Remains Uneven, ISG Index Finds
[To share your insights with us, please write to sghosh@martechseries.com]