[ad_1]
Software-as-a-Service applications have long been Cyber threatsAs more SaaS applications enter the enterprise, these threats remain a top concern for 78% of U.S. technology leaders, a new study finds.
While enterprises have always made data privacy and security a top priority, their continued reliance on SaaS and cloud products means they remain at risk. SaaS Disruption Report: Security and Data Developed jointly by Onymos and Enterprise Strategy Group.
One big risk of this reliance is that when companies buy SaaS systems to speed up application development, they must grant third-party SaaS providers access to their data, Onymos founder and CEO Shiva Nathan told TechRepublic.
Granting this access can lead to cyberattacks and accidental data breaches. This is particularly problematic today, Nathan explains, because the average enterprise relies on more than 130 SaaS applications, up from just 80 in 2020.
“It’s up 62 percent,” he said. “Each (SaaS application) is a new attack surface that can be exploited by nation-state and non-nation-state bad actors. They’re exploiting it. The number of software supply chain attacks is increasing, especially against the healthcare industry, which has had to move to a virtual care model during COVID-19.”
Nathan added that healthcare entities have long relied on third-party vendors to make this transition. According to the report, other industries that rely heavily on SaaS applications include:
- government.
- Logistics and supply chain.
- manufacturing.
- retail.
- Banking and financial services.
- educate.
Gartner It predicts that 45% of organizations worldwide will experience an attack targeting their software supply chain by 2025. The report reinforces this prediction, with nearly half (45%) of technology leaders reporting that they have experienced a cybersecurity incident through a third-party SaaS application in the past year.
Importance of Data Retention
The survey, which collected input from 300 application development, IT and security leaders, also revealed that 91% of respondents highlighted the critical importance of data retention for custom internal applications, reflecting its prominence in their application development priorities.
Nathan said the data surprised him because these “tech leaders recognize the importance of retaining data, but they are still very dependent on SaaS. There is clearly a tension within these organizations between production velocity and data ownership,” he noted. “This tension has always existed, but it is increasing.”
Priorities for IT leaders
Nearly three-quarters (72%) of leaders surveyed ranked “security” as their top priority, closely followed by “data privacy” at 65%.
The report said these priorities are also reflected in the project allocations, responsibilities and tasks within the organization’s application and software development projects. Three of the top five priorities are:
- Ensuring data privacy (60% said this was a high or highest priority).
- Building secure applications (49% of respondents said this was a high or top priority).
- Maintaining full control over data ownership (42% of respondents said this was a high or highest priority).
The survey also revealed that 65% of internally developed applications are business-critical, and only 36% of technology leaders run all their applications on-premises or in a private cloud.
SaaS applications require greater attention to your security posture
The Onymos/ESG report states that with concerns about data security at such a high level, enterprises need to re-evaluate their current business models that leverage SaaS and cloud offerings.
“Today, it’s common to hear technology leaders talk about their ‘Security Posture‘ — It’s equally important to have a ‘data posture,’ Nathan stresses. ‘This includes asking what data you share with your SaaS vendor to get their service; whether they really need that data; what they do with it; and where it goes.
“The rise of AI products and services makes answering these questions even more important,” he said.
The report makes several recommendations, including a significant change to current SaaS and cloud common practices by adopting “data-free” architectural principles that prioritize data privacy and security.
“Such an architecture allows enterprises to retain full ownership and control of their data without having to share or grant access to third-party SaaS and cloud vendors, thereby reducing associated risks,” the report said. “Enterprises should also be allowed to own and modify the code associated with SaaS solutions used for their application and software development.”
This enables enterprise engineering teams to validate and test code as if they wrote it themselves, the Onymos/ESG report said. “With this approach, organizations can have complete confidence in the validity, reliability, and security of the code,” the report said.
Additionally, IT departments should prioritize and regularly conduct rigorous third-party security audits and penetration testing. “Such testing should include understanding how the organization’s data flows through different applications and SaaS solutions in order to mitigate unintended data access and sharing issues,” the report states.
[ad_2]
Source link
