96% of Security Executives Indicate SaaS Security is a High Priority in Valence Security’s 2024 State of SaaS Security Report

May 3, 2024 Off By David

Valence Security released its 2024 State of SaaS Security Report which found that more than half, 58%, of the organizations were affected by a SaaS security incident in the last 18 months. Likely, as a result, 96% of security leaders have made SaaS security a top priority and 93% have increased SaaS security budgets in 2024. In addition, confidence in current SaaS security programs or processes is high, with 84% saying they are very or extremely confident.

“There’s no denying that the ease of SaaS subscriptions and SaaS integrations have helped organizations scale their businesses quickly and increase employee productivity,” says Yoni Shohet, co-founder and CEO at Valence Security. “The goal of this report is to provide a unique and more comprehensive examination of SaaS security by combining survey findings from security leaders with analysis from our own tenants to expose the gaps between security investment and effectively addressing the complexities of SaaS environments.”

Top SaaS Security Challenges

The survey revealed the top security challenges the recipients are experiencing in securing their SaaS applications. Half (50%) identified distributed management of SaaS applications outside of IT/security teams as one of their top 3 challenges. Half (50%) indicated that governing Generative AI adoption is a top challenge. Nearly half (43%) indicated the complexity of SaaS configurations as one of their top challenges.

Shift in Tools to Secure SaaS

Interestingly,when asked which tools their organizations are currently using to protect their SaaS applications, 52% of respondents said they are using a Cloud Access Security Broker (CASB) while 48% said SSPM solutions. While CASBs have been around for over a decade, the fact that SSPMs have a similar adoption rate highlights a significant shift in how organizations address SaaS Security. This is likely due to the realization of CASB limitations to address modern SaaS security risks.

Data Share Risks

The tenant research revealed that 22% of external data shares utilize open links, so “anyone with the link” can access the data. The majority of these open link shares (94%) are inactive, meaning that people have access to these files, folders, recordings, records, etc. when they don’t need access anymore.

Overprivileged Third-Party Integrations

The tenant analysis revealed that 100% of organizations grant full access to sensitive data (emails, files, calendars, source code) to at least one (1) third-party integration and one third (33%) of integrations are granted access to sensitive permissions and data. SaaS-to-SaaS integrations are increasingly targeted by attackers since traditional access controls are less effective when it comes to these non-human identities and organizations typically don’t have the same monitoring capabilities as they have for human identities.

“While a staggering 96% of security leaders prioritize SaaS security, Valence’s report shows the complexity of SaaS security,” says Chris Steffen, Vice President of Research – Information Security at EMA. “Security executives responded that their SaaS security challenges are hindering effective security and they’re looking for innovative solutions that address these complexities and empower organizations to navigate an evolving SaaS security threat landscape.”

CategoryNews

Tagsresearch SaaS security

IGEL Announces New Innovations with Citrix to Help Secure and Enhance Digital Work Experiences

Lenovo Advances Focus on Customer Security with new AI-powered Cyber Resiliency as a Service