Unveiling the Future of SaaS Security: Key Findings from more than 100 interviews
Kevin and I got interviews with a diverse range of organizations, reflecting a global perspective on SaaS security. While half of participants hailed from North American enterprises, the inclusion of European respondents adds depth and richness to the findings, highlighting the significance of SaaS security on a global scale.
Increased Focus on SaaS Security:
Organizations are increasingly prioritizing SaaS security in their strategic plans. As the adoption of SaaS applications continues to surge, businesses are recognizing the need to fortify their security postures to safeguard sensitive data and mitigate potential risks. There is a collective acknowledgment of the critical role that SaaS security plays in ensuring a secure cloud computing environment. 50% of organizations report that they experienced incidents in the past two years.
Key Priorities for SaaS Security:
Top priorities for organizations in terms of SaaS security are:
a. Comprehensive Coverage: Ensuring complete coverage across the entire SaaS stack emerged as a top priority. Organizations seek robust solutions that can protect all SaaS applications, leaving no security gaps.
b. Automated Security Controls: Automation was identified as a critical aspect of SaaS security. The ability to automate security controls, such as configuration audits, vulnerability assessments, and data leak detection, allows organizations to proactively address risks and minimize manual intervention.
c. Simplified Management: The survey underscores the need for user-friendly and intuitive SSPM platforms. As organizations face resource constraints and a shortage of cybersecurity experts, simplicity and ease of use become paramount in managing SaaS security effectively.
Cultural and Organizational Shift
- Strengthening SaaS Security: Expanding Focus and Coverage:
Organizations are taking a proactive approach to bolster their SaaS security by broadening their scope of concern within the SaaS ecosystem. This includes addressing critical areas such as SaaS-to-SaaS Access, Device-to-SaaS Risk Management, Identity and Access Governance, and more.
- Valuing Human Capital in SaaS Security:
Companies are increasingly recognizing the significance of human resources in safeguarding their SaaS ecosystem. While 68% of organizations are investing in hiring and training personnel dedicated to SaaS security, there is still room for improvement. Only 50% have successfully established effective communication and collaboration channels between their security and app owner teams.
- Monitoring Progress: A Call for Enhanced Vigilance:
Maintaining comprehensive oversight of the entire SaaS stack poses a challenge for organizations. Surprisingly, a mere 33% currently monitor less than half of their SaaS applications, indicating the need for heightened vigilance and broader coverage in their SaaS security initiatives.
- Diverse Stakeholder Engagement in SaaS App Security:
The responsibility for securing SaaS apps is no longer solely concentrated in the hands of CISOs and security managers. Instead, ownership has become more distributed, with different departments within organizations playing a crucial role in ensuring the security of their respective SaaS applications.