A significant increase in Software as a Service (SaaS) data breaches has been reported in the past year, raising growing concern within the tech community. The finding highlights the complexities and risks linked to a lack of visibility into an organization’s app estate and the decentralization of security governance. According to a new report, 31% of organizations experienced a SaaS data breach within the last 12 months, reflecting a 5% rise over the previous year. The surge may underscore companies’ inadequate visibility into the multitude of apps being deployed, especially concerning third-party integrations into their core SaaS platforms.
Despite the ubiquity of Microsoft 365, many businesses underestimate the number of connected third-party applications. Nearly half of the companies believe they have fewer than ten apps connected to their Microsoft 365 environment when, in reality, the true number exceeds a thousand on average, according to aggregated data. Alarmingly, a third of respondents confess they have no concrete knowledge of the number of deployed SaaS apps within their organizations, exposing them to unforeseen security risks. This underlines just how uncharted and under-monitored the SaaS landscape remains for many firms, creating an exposed surface ripe for exploitation by cybercriminals.
SaaS Applications: A Popular Target for Cybercriminals
The 2024 “State of SaaS Security” report, compiled by security platform AppOmni, surveyed managers and IT experts from 644 firms across the U.S., U.K., France, Germany, Japan, and Australia. Nearly half of these companies employ over 2,500 people. The report notes that business units or individuals often bypass traditional IT procurement processes to quickly adopt new third-party SaaS apps, integrating them seamlessly with their core platforms without robust security checks. This quick adoption culture, while enhancing operational efficiency, has also created numerous entry points for cyber threats.
According to another report from Onymos, the average enterprise today relies on over 130 SaaS applications, compared to just 80 in 2020. SaaS apps are particularly attractive targets for cybercriminals, given the sensitive data they store and the numerous integration points they offer due to widespread use across various business operations. Their reliance on often-misconfigured cloud environments further complicates the security landscape. Gartner has predicted that by 2025, nearly 45% of organizations globally will have experienced attacks on their software supply chains, which include SaaS ecosystems.
Decentralized Security Governance and Emerging Gaps
A decentralized approach to security governance is another factor contributing to the rise in SaaS data breaches. This model, while providing operational flexibility, often leads to confusion over security responsibilities among the Chief Information Security Officer (CISO), line-of-business heads, and cybersecurity teams. Only 15% of the respondents indicated that responsibility for SaaS security is centralized within their cybersecurity teams. The resulting ambiguity has led to dangerous gaps in the security fabric, with necessary security changes often taking a backseat to immediate business goals.
As SaaS replaces on-premises software that could be physically secured, the challenge of protecting cloud-based infrastructure, accessed across multiple devices and by different personas, has only intensified. The benefits of decentralized operations are coupled with a blurring of lines regarding security accountability. The AppOmni report emphasizes that comprehensive SaaS security is often overshadowed by business objectives, with business unit heads lacking the know-how to implement robust security measures. Additionally, autonomy at the app-owner level complicates the application of consistent cybersecurity protocols across the organization.
Vetting SaaS Apps: A Growing Concern
Despite efforts to deploy SaaS apps that meet predefined security criteria, a significant portion of organizations are failing to enforce these rules strictly. An alarming 34% of respondents indicated that security rules are not rigorously applied, a sharp 12% increase from the previous year. This lapse largely results from the blurred lines of responsibility between business leaders and IT teams, each driven by different priorities. The rush to achieve operational efficiencies often leads to inadequate vetting of security standards before rolling out new SaaS applications.
Only 27% of survey participants expressed confidence in the security measures of the sanctioned SaaS apps within their organizations. Likewise, less than a third felt assured about the security of their company’s or customers’ data stored in enterprise SaaS applications, a 10% decline from the previous year. The uneven landscape of security practices underscores the challenges businesses face in managing SaaS environments. The inconsistent handling of policies, events, and controls on a per-application basis has led to varied security implementations, putting critical data at risk. Experts stress that a holistic strategy and rigorous vetting are essential to secure SaaS deployments.
Recommendations for Building a Secure SaaS Environment
To combat the rising tide of SaaS data breaches, the AppOmni team proposes several critical steps for building a secure SaaS environment. The first step is to identify the SaaS attack surface by conducting a comprehensive audit of the SaaS estate, determining access levels, and prioritizing applications that store and process vital business information. This detailed review helps identify vulnerabilities and prevents them from being exploited by malicious actors.
Next, it is essential to clearly define the roles and responsibilities of security professionals and business leaders, establishing standard operating procedures for processes such as onboarding new apps, setting policy baselines, and managing users. Assigning distinct duties ensures that every aspect of security is managed appropriately, reducing the risk of overlooked vulnerabilities. A clearly defined chain of command helps streamline security operations and ensures accountability for security measures across the organization.
Strong Permissions and Accurate Threat Detection
Establishing robust permission settings and implementing accurate threat detection mechanisms are vital for minimizing the number of security alerts and facilitating systemic fixes. Ensuring that only authorized personnel have access to sensitive data and critical applications significantly reduces the risk of unauthorized access and potential breaches. Efficient threat detection mechanisms help promptly identify and address security threats, minimizing their impact on the organization.
Moreover, it is crucial to set up detection and approval policies for connected apps and OAuth connections, not just core applications. This approach ensures a comprehensive security posture across the entire SaaS environment. Leveraging open-source tools like the SaaS Event Maturity Matrix can help evaluate supported events for connected applications, providing a framework for consistent security practices. Consistent application of detection and approval policies mitigates the risk of vulnerabilities and ensures the integrity of the SaaS ecosystem.
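As an added illustration of the audit and OAuth approval-policy steps above (example code written for this article, not AppOmni's tooling or the report's own method), the script below triages a constructed export of third-party OAuth consent grants of the kind a Microsoft 365 tenant exposes. The field names, the high-risk scope list and the sample apps are assumptions for the example; the decision rule (approve, review, or revoke) is one simple policy, not a standard.

```python
from dataclasses import dataclass

# Delegated scopes treated as high impact for this example (assumption; tune per tenant).
HIGH_RISK_SCOPES = {
    "Mail.ReadWrite", "Files.ReadWrite.All", "Sites.FullControl.All",
    "Directory.ReadWrite.All", "Application.ReadWrite.All",
}
SEVERITY = {"approve": 0, "review": 1, "revoke": 2}

@dataclass
class Grant:
    app: str                  # display name of the connected third-party app
    publisher_verified: bool  # publisher verification status (assumed export field)
    consent_type: str         # "AllPrincipals" = tenant-wide admin consent, "Principal" = one user
    scope: str                # space-separated delegated scopes, as in an OAuth grant record

def classify(g: Grant) -> str:
    """Map one grant onto an approval decision under the example policy."""
    risky = HIGH_RISK_SCOPES.intersection(g.scope.split())
    if not risky:
        return "approve" if g.publisher_verified else "review"
    # Tenant-wide consent to a high-risk scope from an unverified publisher: revoke and investigate.
    if g.consent_type == "AllPrincipals" and not g.publisher_verified:
        return "revoke"
    return "review"

def triage(grants):
    """Inventory distinct apps, keep the most severe decision per app, and list tenant-wide risks."""
    decisions = {}
    for g in grants:
        d = classify(g)
        if SEVERITY[d] >= SEVERITY.get(decisions.get(g.app, "approve"), 0):
            decisions[g.app] = d
    tenant_wide = sorted({g.app for g in grants if g.consent_type == "AllPrincipals"
                          and HIGH_RISK_SCOPES.intersection(g.scope.split())})
    return {"inventory": len(decisions), "decisions": decisions,
            "tenant_wide_high_risk": tenant_wide}

# Constructed sample export (not real tenant data); the same app can appear once per consenting user.
SAMPLE = [
    Grant("Contoso Calendar Sync", True, "Principal", "User.Read Calendars.Read"),
    Grant("Contoso Calendar Sync", True, "Principal", "User.Read Calendars.Read"),
    Grant("Acme File Backup", True, "AllPrincipals", "Files.ReadWrite.All offline_access"),
    Grant("Quick PDF Helper", False, "AllPrincipals", "Mail.ReadWrite Files.ReadWrite.All"),
    Grant("Team Poll Bot", False, "Principal", "User.Read"),
]

if __name__ == "__main__":
    result = triage(SAMPLE)
    print(f"connected apps: {result['inventory']}")
    for app, decision in result["decisions"].items():
        print(f"{decision:8} {app}")
```

Counting distinct apps rather than grant rows is what closes the gap the report describes between the "fewer than ten" estimate and the actual number of connected apps.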
Formulating an Incident Response Strategy
Creating a robust incident response strategy is crucial for effectively handling SaaS-related risks and incidents. This strategy should include steps for scoping, investigating, securing, and reporting incidents to minimize damage and ensure swift recovery. A well-defined plan allows organizations to respond proactively to security threats, reducing downtime and protecting sensitive data.
Brendan O’Connor, CEO and co-founder of AppOmni, highlights the importance of not solely relying on SaaS vendors for security. “The days of waiting on SaaS vendors as the primary security providers for your SaaS estate are over,” he noted. “Your SaaS estate, as the operating system of business, requires a well-structured security program, organizational alignment on responsibility and accountability, and continuous monitoring at scale.” Taking a proactive and holistic approach to security helps organizations safeguard their SaaS environments and reduce the risk of data breaches.
In summary, the rise in SaaS data breaches calls for a structured and proactive approach to security governance. From identifying the SaaS attack surface to developing a robust incident response strategy, organizations need comprehensive measures to tackle the complex challenges of decentralized security governance. Implementing AppOmni’s recommendations can bolster businesses’ security posture, protect sensitive data, and maintain the integrity of their SaaS environments in an increasingly interconnected digital world.