SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Asia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Cybersecurity
#
IaaS
#
SaaS
SaaS spend eclipsing IaaS, but SaaS security not a priority
Fri, 2nd Sep 2022
FYI, this story is more than a year old
Author image
By Shannon Williams, Journalist
Follow us

Despite SaaS spend eclipsing IaaS, SaaS security is not a priority, according to new research.

Axonius has released the results of a new research study focused on SaaS usage among enterprises across the United States, United Kingdom, and Europe. The data highlights a striking difference between consumption and security of SaaS applications.

In fact, the majority of respondents (74%) reported more than half of their applications are now SaaS-based, and 66% reported spending more on SaaS applications today than a year ago.

But amid rising adoption and increasing costs, most organisations reported SaaS security lagged in urgency and priority. Of those surveyed, 60% ranked SaaS security fourth or lower on their list of current security priorities, and only 34% cited being worried about the costs associated with rising SaaS-based app usage.

"The biggest concern with SaaS adoption right now is that most organisations are underestimating the number of SaaS applications that exist within their environment," says Dean Sysman, chief executive officer and co-founder of Axonius.

"SaaS offers numerous benefits, including more flexibility, accessibility, productivity gains, and more - anyone can register for a SaaS app and connect it to work data. But that also presents enormous risk," he says.

"IT and security teams already struggle to identify the assets that exist within their organisations. SaaS apps further complicate their ability to gain visibility into data and interconnectivity, manage configurations, and close security gaps, as well as track licensing, usage, and spend."

Some 66% of organisations surveyed did admit the increase in SaaS applications has resulted in more complexity and increased security risk in their organisations. But when asked why security isn't more of a concern, organisations pointed to limited time and resources (28%), pressure to focus on other issues from the C-Suite (23%), and staffing shortages (15%).

"The appetite for SaaS will only continue to grow, further exacerbating data sprawl and security implications," adds Jerich Beason, Commercial Bank CISO and Axonius advisor.

"These risks are no longer hypothetical, and without full visibility into the SaaS application landscape, organisations will continue to find themselves vulnerable to data loss from shadow SaaS, non-compliance with federal and industry regulators, and financial strain from lack of insight into organisational spend. Businesses can no longer wait to rein in SaaS complexity," he says.

We're already witnessing the consequences of insecure SaaS environments. In March, identity and access management industry leader, Okta, announced that its platform has been the victim of a targeted security attack. In April, GitHub Security announced an investigation into abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI. To address SaaS security risks, organisations may need to rethink their priorities and adopt a different approach to SaaS security.

Related stories
Half of online traffic in 2024 generated by bots, report finds
Keeper Security launches user-friendly passphrase generator
Axis unveils hybrid cloud platform for adaptable security solutions
Understanding the key to boosting cybersecurity habits: Kaspersky study
Spirent partners with online payments platform to boost cyber defenses
Top stories
Fortinet recognised as Challenger in Gartner's 2024 Magic Quadrant for SSE
Coalition integrates cyber risk platform with top cloud services providers
i-PRO to support Genetec SaaS with new AI-enabled camera models
Illumio unveils AI enhancements for faster Zero Trust Segmentation adoption
RiverSafe teams up with Cribl to boost IT & data security services