
A new report finds that 31% of organizations experienced a SaaS data breach in the past 12 months, a 5% increase from the previous year. This surge may be related to insufficient visibility into deployed applications, including third-party connections to core SaaS platforms.
Nearly half of companies using Microsoft 365 believe they have fewer than 10 applications connected to the platform, but aggregate data from the report shows the average number of connections is over a thousand. A third admitted they have no idea how many SaaS applications are deployed in their organization.
SaaS Applications: A Hot Target for Cybercriminals
For its 2024 State of SaaS Security Report, security platform AppOmni surveyed managers and IT experts from 644 companies in the United States, United Kingdom, France, Germany, Japan and Australia in February and March 2024. Nearly half of the companies had more than 2,500 employees.
“Business units or individuals often bypass the traditional IT procurement process to adopt new third-party SaaS applications that integrate seamlessly with their core SaaS platforms,” the authors wrote.
According to another recent report by Onymos, the average enterprise currently relies on over 130 SaaS applications, up from only 80 in 2020.
They are popular targets for cybercriminals because of the sensitive data they store, the numerous entry points created by their widespread adoption and integration with other services, and their reliance on often misconfigured cloud environments.
According to Gartner, 45% of organizations worldwide are expected to suffer attacks on their software supply chain by 2025.
Decentralized security governance accompanies the deployment of SaaS applications, which can lead to gaps
Another factor is the increasing fragmentation of security governance, which leads to confusion over responsibilities and dangerous vulnerabilities.
SaaS has largely replaced on-premises software, which is easily protected by physical security measures such as cameras and guards. Because SaaS is cloud-based, deployed on different devices, and used by different users, its security and governance have also become decentralized.
Only 15% of respondents said that responsibility for SaaS security is centralized within the organization’s cybersecurity team.
“The benefits of decentralized operations come with a blurring of responsibilities between CISOs, line-of-business executives, and cybersecurity teams,” the report authors wrote. “Even when business unit executives lack the knowledge to implement security controls, the changes required for comprehensive SaaS security often take a back seat to business objectives.”
“Because application owners have so much autonomy over security controls, it is difficult to implement consistent cybersecurity measures to protect against application-specific vulnerabilities,” they added.
Substandard vetting of SaaS applications—even those that are company-approved
Nearly all organizations surveyed deploy only SaaS applications that meet established security standards. However, 34% of respondents said the rules are not strictly enforced. This is a 12% increase from the 2023 survey.
Due to blurred responsibilities between business leaders and IT teams, and their desire to gain efficiency benefits as quickly as possible, applications do not always receive the highest standards of security review before launch.
Additionally, only 27% of respondents were confident in the security level of sanctioned applications. Less than a third of respondents were confident in the security of their company or customer data stored in enterprise SaaS applications, a decrease of 10% since last year.
“SaaS applications vary widely in how they handle policies, events, and controls to manage access and permissions,” the report’s authors wrote. “As a result, ad hoc management of policies on a per-application basis can result in inconsistent implementation.”
Recommendations for building a secure SaaS environment
The AppOmni team provides several steps to ensure a secure SaaS environment:
- Identify the SaaS attack surface by auditing SaaS assets and determining access levels. Prioritize applications that store and process business-critical information.
- Define roles and responsibilities for security professionals and business leaders, and establish standard operating procedures for processes such as onboarding new applications, setting policy baselines, and adding and offboarding users.
- Establish strong permissions and accurate threat detection in the SaaS space to minimize the number of security alerts and enable system remediation.
- Ensure that detection and approval policies are in place for connected SaaS applications and OAuth connections, not just core applications. Use the Open Source SaaS Event Maturity Matrix to review the events supported by connected applications.
- Develop an incident response strategy to prioritize SaaS risks and incidents, including scoping, investigation, protection, and reporting.
“The days of waiting for SaaS vendors to serve as the primary security provider for SaaS assets are over,” said Brendan O’Connor, CEO and co-founder of AppOmni, in the report.
“As the operating system of your business, your SaaS assets require well-structured security procedures, organizational alignment of responsibilities and accountability, and continuous monitoring at scale.”