Colin Mc Hugo

Security Engineer Manager & CEO at Quantum Infinite Solutions Group Ltd.

7 Key Findings from the 2022 SaaS Security Survey Report

May 19, 2022

The 2022 SaaS Security Survey Report, produced in cooperation with CSA, analyzes the state of SaaS security as seen through the eyes of CISOs and security professionals in today's enterprises. The report collects anonymous responses from 340 CSA participants to examine not only the growing risks in SaaS security but also how different organizations are currently working to secure themselves.


The majority (71%) of respondents were located in the Americas, another 17% in Asia, and 13% in EMEA. Of these participants, 49% influence the decision-making process while 39% run the process itself. The survey examined organizations from a variety of industries, such as telecommunications (25%), finance (22%), and government (9%).

While there are many takeaways from the survey, these are our top 7.

1: SaaS Misconfigurations are Causing Security Incidents

Since 2019, SaaS misconfigurations have become a top concern for organizations, with at least 43% of organizations reporting they have dealt with several security incidents caused by a SaaS misconfiguration. However, since many other organizations state they are unaware of whether they have experienced a security incident, the number of SaaS misconfiguration-related incidents could be as high as 63%. These numbers are striking when compared to the 17% of security incidents caused by IaaS misconfiguration.

Figure 1. Companies that experienced a security incident as a result of a SaaS misconfiguration


2: Lack of Visibility and Too Many Departments with Access Reported as Leading Cause of SaaS Misconfigurations

So what exactly is the cause of these SaaS misconfigurations? While there are several factors to consider, the survey respondents narrow it down to the two leading causes: having too many departments with access to SaaS security settings (35%), and a lack of visibility into changes in the SaaS security settings (34%). These are two related issues, neither of which is surprising given that lack of visibility was rated a top concern when adopting SaaS applications, and that organizations typically have multiple departments with access to security settings. One of the leading reasons for the lack of visibility is the fact that too many departments have access to security settings, and many of these departments do not have proper training or a focus on security.

Figure 2. The main causes of SaaS misconfigurations

3: Investment in Business-Critical SaaS Applications is Outpacing SaaS Security Tools and Staff

It's well known that organizations are adopting more applications. This past year alone, 81% of respondents say that they have increased their investments in business-critical SaaS applications. On the other hand, investment in security tools (73%) and staff (55%) for SaaS security is lower. This dissonance represents an increasing burden on existing security teams to monitor SaaS security.

Figure 3. Companies' investment in SaaS applications, security tools, and staff

4: Manual detection and remediation of SaaS misconfigurations keeps organizations exposed

46% of organizations that manually monitor their SaaS security conduct checks only once a month or less, while 5% do not conduct checks at all. After discovering a misconfiguration, it takes additional time for security teams to resolve it. Approximately 1 in 4 organizations take one week or longer to resolve a misconfiguration when remediating manually. This lengthy timing leaves organizations vulnerable.

Figure 4. How often companies manually check their SaaS misconfigurations
Figure 5. How long it takes companies to manually fix SaaS misconfigurations

5: Use of an SSPM reduces timeline to detect and remediate SaaS misconfigurations

The flip side of the coin for finding #4 is that organizations that have implemented an SSPM can more quickly and accurately detect and remediate their SaaS misconfigurations. The majority of these organizations (78%) use an SSPM to check their SaaS security configurations once a week or more. When it comes to resolving the misconfiguration, 81% of organizations using an SSPM are able to resolve it within a day to a week.

Figure 6. Frequency of SaaS security configuration checks
Figure 7. Length of time to fix SaaS misconfigurations


6: Third-party application access is a top concern

Third-party applications, also called no-code or low-code platforms, can boost productivity, enable hybrid work, and are overall essential in building and scaling a company's work processes. However, many users quickly connect third-party applications without considering what permissions these applications are requesting. Once accepted, the permissions and subsequent access granted to these third-party applications can be harmless or as malicious as an executable file. Without visibility into the SaaS-to-SaaS supply chain, employees are connecting to their organization's business-critical applications, and security teams are blind to many potential threats. As organizations continue to adopt SaaS applications, one of their top concerns is the lack of visibility, especially that of third-party application access to the core SaaS stack (56%).

Figure 8. Companies' top concern when adopting SaaS applications

Planning Ahead and Implementing SSPM

Despite the category being introduced to the market two years ago, it is fast maturing. When assessing four cloud security solutions, SSPM receives an average rating of "somewhat familiar." Furthermore, 62% of respondents report that they are already using an SSPM or plan to implement one in the coming 24 months.

Figure 9. Companies currently using or planning to use SSPM


The 2022 SaaS Security Survey Report offers insights into how organizations are using and protecting their SaaS applications. It is without a doubt that as companies continue to adopt more business-critical SaaS applications, there is more risk. To face this challenge head-on, companies should begin securing themselves through two best practices:

  • The first is to enable security teams to gain full visibility into all SaaS application security settings, including third-party application access and user permissions, which in turn allows departments to maintain their access without risk of making improper changes that leave the organization vulnerable.
  • Secondly, companies should use automated tools, such as SSPMs, to continuously monitor and quickly remediate SaaS security misconfigurations. These automated tools allow security teams to recognize and fix issues in near-real time, reducing the overall time the organization is left vulnerable or preventing the problem from occurring altogether.

Both of these changes provide support to the security team while not preventing departments from continuing their work.

