SaaS Asset and User Numbers are Exploding: Is SaaS Data Security Keeping Up?

DoControl's recently released The State of SaaS Data Security 2024 report revealed a striking picture of ballooning SaaS asset and user numbers alongside security gaps that open the door to exploitation.
The report, based on data from DoControl's survey and analysis of the SaaS environment of companies with over 1,000 employees, points to incredible SaaS asset growth.
On average, with 7.9M SaaS assets at the beginning of 2023 and created 14.9M more assets over the course of the year.
If this annual asset growth rate of 189% continues, by the end of 2026 the average company will have about 550 MILLION SaaS assets.
Many of these assets contain sensitive data, ranging from strategic business information, like budgets and product roadmaps, to highly regulated data such as client lists and employee details.
When a former employee accesses company assets two years after their termination, or a departing executive shares dozens of sensitive assets with a personal email address, all is decidedly not well.
9 out of 10 companies analyzed in the report had former employees who accessed assets stored in company SaaS applications after they left the company.
All is not well when parties are given access to data they do not need and should not have.
This is very easy to inadvertently do in SaaS applications.
The average company had 35K sensitive assets exposed publicly, inviting theft of business secrets and regulatory compliance penalties.
Ease of asset sharing also means that company data can quickly make its way far from the organization.
The number of new third-party insiders created over the course of 2023 by the companies analyzed, and the scope of assets shared by those third parties to their own contractors and partners is eye-opening.
Ever-widening concentric circles of sharing and collaboration makes it too easy to lose control of your SaaS assets - unless you have the proper safeguards in place.
The State of SaaS Data Security 2024 report highlights the need to consider not only the human actors who have access to your SaaS environment, but also the non-human ones.
An additional factor complicates keeping on top of security in the SaaS environment: the general trend across industries toward reducing information security headcount.
Especially if organizations are still taking a manual approach to SaaS data security - which, in light of the rate of increase of SaaS assets and users, becomes ever more futile - fewer information security team members makes the attempt even more challenging.
There's no going back on SaaS usage - and, overall, that's a good thing.
The State of SaaS Data Security 2024 report is a valuable reminder that SaaS data security innovation must keep pace with SaaS innovation in order for companies to net positive on their SaaS investment.
Adam brings 15 years of experience in product management, software engineering, and network security.
Prior to founding DoControl, Adam was a Product Manager at Google Cloud, where he led ideation, execution, and strategy for Security & Privacy products serving Fortune 500 customers.


This Cyber News was published on www.cybersecurity-insiders.com. Publication date: Tue, 09 Apr 2024 15:28:05 +0000


Cyber News related to SaaS Asset and User Numbers are Exploding: Is SaaS Data Security Keeping Up?

The ONE Thing All Modern SaaS Risk Management Programs Do - Reducing SaaS risk is, without a doubt, a difficult challenge. Gaining visibility into all the SaaS apps used across an enterprise is hard enough, but it becomes an even greater challenge when only a portion of the apps go through the company's ...
8 months ago Securityboulevard.com
SaaS Asset and User Numbers are Exploding: Is SaaS Data Security Keeping Up? - DoControl's recently released The State of SaaS Data Security 2024 report revealed a striking picture of ballooning SaaS asset and user numbers alongside security gaps that open the door to exploitation. The report, based on data from DoControl's ...
8 months ago Cybersecurity-insiders.com
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
2 months ago Aws.amazon.com
IaaS vs PaaS vs SaaS Security: Which Is Most Secure? - Security concerns include data protection, network security, identity and access management, and physical security. While IaaS gives complete control and accountability, PaaS strikes a compromise between control and simplicity, and SaaS provides a ...
1 year ago Esecurityplanet.com
How the New NIST 2.0 Guidelines Help Detect SaaS Threats - The SaaS ecosystem has exploded in the six years since the National Institute of Standards and Technology's cybersecurity framework 1.1 was released. Back in 2016-2017, when version 1.1 was initially drafted, SaaS held a small but significant place ...
9 months ago Bleepingcomputer.com
The Qlik Cyber Attack: Why SSPM Is a Must Have for CISOs - On November 28 2023, Arctic Wolf Labs reported on a new Cactus ransomware campaign which exploits publicly-exposed installations of Qlik Sense, a cloud analytics and business intelligence platform. With a breach like Qlik, the first question that ...
1 year ago Securityboulevard.com
What Is a SaaS Security Checklist? Tips & Free Template - SaaS security checklists are frameworks for protecting data and applications in cloud-based environments. These checklists include security standards and best practices for SaaS and cloud applications, and B2B SaaS providers use them to guarantee ...
8 months ago Esecurityplanet.com
How to Eliminate Shadow IT and Achieve a Secure SaaS Environment in 2023 - The prevalence of Shadow IT has grown exponentially over the years, with most organizations being unaware of the security risks of unauthorized cloud applications. Shadow IT is any application or cloud service being used by employees for business ...
1 year ago Thehackernews.com
Report Surfaces Extent of SaaS Application Insecurity - An analysis of how 493 organizations are employing software-as-a-service applications published today by Wing Security finds nearly all experienced a security incident involving at least one application. A full 81% reported security incidents ...
10 months ago Securityboulevard.com
Who is Responsible for Ensuring the Security of Data in SaaS Applications - As SaaS applications became more popular, it was unclear who was responsible for protecting the data. Nowadays, most security and IT teams understand the shared responsibility model, where the SaaS vendor is responsible for the application's ...
1 year ago Thehackernews.com
Critical Start Asset Visibility helps customers become more proactive within their security program - Critical Start launched their Asset Visibility offering. As part of an MCRR strategy, Asset Visibility helps customers become more proactive within their security program, helping them uncover assets that need protection, validate that the expected ...
11 months ago Helpnetsecurity.com
Savvy Launches Identity-First Security Offering to Combat Toxic Combinations Driving SaaS Risk - PRESS RELEASE. TEL AVIV, Israel, Jan. 16, 2024 - Savvy, a software-as-a-service security platform provider, today announced its Identity-First Security offering that uncovers risks created by a toxic combination of identity access management ...
11 months ago Darkreading.com
AppOmni Previews Generative AI Tool to Better Secure SaaS Apps - AppOmni this week unveiled a technology preview of a digital assistant to its platform for protecting software-as-a-service applications that uses generative artificial intelligence to identify cybersecurity issues. The AskOmni assistant provides ...
1 year ago Securityboulevard.com
Latest Information Security and Hacking Incidents - According to 25% of participants in an IBM study conducted in September 2022 among 3,000 companies and tech executives worldwide, security worries stand in the way of their ability to achieve their cloud-related goals. Nowadays, a lot of ...
11 months ago Cysecurity.news
Cybersecurity jobs available right now: October 2, 2024 - Help Net Security - As an Applied Cybersecurity Engineer (Center for Securing the Homeland), you will apply interdisciplinary competencies in secure systems architecture and design, security operations, threat actor behavior, risk assessment, and network security to ...
2 months ago Helpnetsecurity.com
SSPM: A Better Way to Secure SaaS Applications  - Security Boulevard - “GenAI can be incredibly powerful, but it must be used with caution,” Nakash warns, and adds that “if not properly managed, it can expose sensitive data or generate misleading insights.” As one report by Forrester notes, 71% of organizations ...
2 months ago Securityboulevard.com
CrowdStrike Enhances Cloud Asset Visualization to Accelerate Risk Prioritization - The massive increase in cloud adoption has driven adversaries to focus their efforts on cloud environments - a shift that led to cloud intrusions increasing by 75% in 2023, emphasizing the need for stronger cloud security. As organizations increase ...
7 months ago Crowdstrike.com
2024 brings changes in data security strategies - 2024 will be a revolutionary year for the data security landscape as Data Security Posture Management technology rapidly evolves to keep pace with the colossal amount of data being created, stored and shared within organizations and across business ...
1 year ago Helpnetsecurity.com
Reco Employs Graph and AI Technologies to Secure SaaS Apps - Reco today launched a platform that makes use of machine learning algorithms and graph technology to secure software-as-a-service applications. The Reco Identities Interaction graph technology connects to SaaS applications via its application ...
1 year ago Securityboulevard.com
10 Best Security Service Edge Solutions - Security Service Edge is an idea in cybersecurity that shows how network security has changed over time. With a focus on customized solutions, Security Service Edge Solutions leverages its expertise in multiple programming languages, frameworks, and ...
10 months ago Cybersecuritynews.com
Wing Security unveils automated protection against AI-SaaS risks - Wing Security unveils an automatic advanced approach to counter the evolving risks of Intellectual Property and data leakage into GenAI applications. Amidst the growing adoption of GenAI, and the many SaaS applications powered by GenAI, Wing brings ...
11 months ago Helpnetsecurity.com
6 Best Cloud Security Companies & Vendors in 2024 - Cloud security companies specialize in protecting cloud-based assets, data, and applications against cyberattacks. To help you choose, we've analyzed a range of cybersecurity companies offering cloud security products and threat protection services. ...
10 months ago Esecurityplanet.com
The Importance of Incident Response for SaaS - The importance of a thorough incident response strategy cannot be understated as organizations prepare to identify, investigate, and resolve threats as effectively as possible. Most security veterans are already well aware of this fact, and their ...
1 year ago Securityboulevard.com
Infosec products of the month: May 2024 - The Third-Party Intelligence module combines vendor-specific cyber threat intelligence with cybersecurity posture data from suppliers' tech environments, exposing a critical blind spot for security teams. Synopsys Polaris Assist automates repetitive, ...
6 months ago Helpnetsecurity.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)