DoControl's recently released The State of SaaS Data Security 2024 report revealed a striking picture of ballooning SaaS asset and user numbers alongside security gaps that open the door to exploitation.
The report, based on data from DoControl's survey and analysis of the SaaS environment of companies with over 1,000 employees, points to incredible SaaS asset growth.
On average, with 7.9M SaaS assets at the beginning of 2023 and created 14.9M more assets over the course of the year.
If this annual asset growth rate of 189% continues, by the end of 2026 the average company will have about 550 MILLION SaaS assets.
Many of these assets contain sensitive data, ranging from strategic business information, like budgets and product roadmaps, to highly regulated data such as client lists and employee details.
When a former employee accesses company assets two years after their termination, or a departing executive shares dozens of sensitive assets with a personal email address, all is decidedly not well.
9 out of 10 companies analyzed in the report had former employees who accessed assets stored in company SaaS applications after they left the company.
All is not well when parties are given access to data they do not need and should not have.
This is very easy to inadvertently do in SaaS applications.
The average company had 35K sensitive assets exposed publicly, inviting theft of business secrets and regulatory compliance penalties.
Ease of asset sharing also means that company data can quickly make its way far from the organization.
The number of new third-party insiders created over the course of 2023 by the companies analyzed, and the scope of assets shared by those third parties to their own contractors and partners is eye-opening.
Ever-widening concentric circles of sharing and collaboration makes it too easy to lose control of your SaaS assets - unless you have the proper safeguards in place.
The State of SaaS Data Security 2024 report highlights the need to consider not only the human actors who have access to your SaaS environment, but also the non-human ones.
An additional factor complicates keeping on top of security in the SaaS environment: the general trend across industries toward reducing information security headcount.
Especially if organizations are still taking a manual approach to SaaS data security - which, in light of the rate of increase of SaaS assets and users, becomes ever more futile - fewer information security team members makes the attempt even more challenging.
There's no going back on SaaS usage - and, overall, that's a good thing.
The State of SaaS Data Security 2024 report is a valuable reminder that SaaS data security innovation must keep pace with SaaS innovation in order for companies to net positive on their SaaS investment.
Adam brings 15 years of experience in product management, software engineering, and network security.
Prior to founding DoControl, Adam was a Product Manager at Google Cloud, where he led ideation, execution, and strategy for Security & Privacy products serving Fortune 500 customers.
This Cyber News was published on www.cybersecurity-insiders.com. Publication date: Tue, 09 Apr 2024 15:28:05 +0000