Examining the SaaS Landscape Through the Annual Security Survey Report

Christopher Eaton | June 20th, 2024

Imagine a world where data flows seamlessly, businesses scale effortlessly, and innovation is boundless, all thanks to the marvel of a ubiquitous and amorphous Cloud.

Since its inception, cloud computing has not only revolutionized the way we store and access data but has also become the backbone of global digital transformation. This technological leap has spurred unprecedented advancements, enabling everything from artificial intelligence to remote work opportunities.

However, with great rewards often comes an opposing set of risks; the same Cloud that empowers innovation also casts dark shadows in the form of cyberattacks and fraud. As we navigate this immensely challenging digital landscape, understanding the impact and vulnerabilities of cloud computing is more crucial than ever.

The Rise of Software as a Service

A SaaS (Software as a Service) application is cloud-based software accessed via the internet rather than installed locally on an individual endpoint. This model offers users functionality without needing local installation or costly maintenance. Because these applications exist in the nebulous realm of cyberspace, they are often referred to as “Cloud” applications.

According to research provided by Thales, SaaS applications account for more than 60% of all data storage and usage by corporations around the world.[1] These companies are understandably investing heavily in further developing their cloud capacity and capabilities, with some $600 billion spent on SaaS applications in 2023 alone, according to a Gartner report.[2]

Given the enormity of the Cloud, managing SaaS security is often complex. According to data pulled and published by AAG IT Services, “2.3 billion people use personal cloud storage services” routinely to maintain their private data, including email and banking apps, highlighting the vast scope of cloud data storage on both a personal and business level.[3] Generally, individuals are responsible for safeguarding their accounts, monitoring for suspicious activity, and maintaining general account hygiene.

Human error, unfortunately, remains the primary driver of data breaches, applicable to both personal and corporate accounts. With so much data and so many applications to monitor, safeguard, and maintain, it is statistically certain that something will go wrong somewhere with the proliferation of the Cloud.

SaaS Security Report Takeaways

The 2024 Annual SaaS Security Survey Report, conducted by the Cloud Security Alliance (CSA), delves into the industry’s knowledge and opinions regarding SaaS application security, bringing to light many of the complex challenges.[4] The survey examined how organizations prioritize SaaS security, the tools used to secure SaaS applications, the successes organizations are experiencing in their SaaS security efforts, and the security risks that still pose challenges. Let’s examine some key insights.

  1. Increasing SaaS Security Prioritization: The survey found that 80% of organizations prioritize SaaS security, with 41% making it a high priority and 39% a moderate priority. This same report notes that “70% of organizations have established dedicated SaaS security teams” but they are primarily comprised of either one or two full-time individuals. It is wise for organizations to emphasize Cloud security, but such a focus will only translate into actual resilience with the proper team and third-party relationships that all but ensure applications are properly configured, updated, and monitored.

Having only two individuals dedicated to safeguarding Cloud applications means, at 40 hours per week per individual, there are 88 hours each week where no full-time attention is provided. As threat actors do not maintain standard hours, and with numerous attacks perpetrated via automation, the current level of prioritization potentially leaves a wide-open attack surface. 24/7 monitoring and support are necessary to augment security team shortages and best protect accounts.

  2. SaaS Application Management: Even with the increased prioritization, organizations continue to find managing SaaS applications difficult. Maintaining visibility and monitoring for suspicious activity are significant challenges. However, companies with more mature practices in these areas reported a reduction in active security incidents from 53% to 25% year over year. In other words, as SaaS protection matures, cyberattacks—whether due to “data leakage, data breach, SaaS ransomware, and insider threats”—decreased.

Visibility plus preparation for cyber threats leads to enhanced security, not perfect security. Some strategies to enhance Cloud management include conducting regular audits and assessments on current deployments, strengthening vendor management by thoroughly vetting any new applications, and end user awareness training and support.

  3. Despite this focus on SaaS security and its noted successes, organizations still struggle to secure visibility into some of the most widely used applications. According to Okta’s Businesses at Work 2024 report, the five most widely used business applications were, from 1 to 5, Microsoft 365, Google Workspace, Amazon Web Services (AWS), Salesforce, and Zoom.[5] Three of these were noted within the CSA report to be among the “most challenging applications to manage from a security perspective”.

When the core software applications businesses rely on to optimally operate are also those posing significant security risks, impactful problems tend to emerge. The ability to efficiently and effectively provide goods and services to customers within today’s digital market requires robust Cloud security.

Fortunately, for those organizations that currently lack optimal security, SpearTip offers a Cloud Monitoring service that provides cybersecurity coverage from a 24/7/365 team of experienced engineers and analysts for Microsoft 365, Google Workspace, and Salesforce. It provides the visibility necessary to detect suspicious or malicious activity and the capacity to remediate it in real time.

The 2024 Annual SaaS Security Survey Report highlights the critical role of these platforms in modern businesses and the persistent threats they face. While no solution offers 100% cloud application protection, the evidence is clear: increased visibility, the ability to respond to threats or active attacks, and having the support of a round-the-clock team of cybersecurity experts can drastically enhance the security of an organization’s cloud data and general infrastructure.

As businesses continue to rely on cloud applications, the necessity for robust SaaS security measures becomes ever more apparent. Organizations like SpearTip provide essential services, including Advisory Services, Rapid Incident Response, and a 24/7 Security Operations Center, which are integral in bolstering the cybersecurity posture of digitally dependent enterprises.

If your company is experiencing a breach, call our Security Operations Center at 833.997.7327 to speak directly with an engineer.

References:

  1. “2022 Thales Data Threat Report” Thales, 2022. Web. <https://mb.cision.com/Public/20506/3530950/b55a39d9e52a4074.pdf>
  2. “Gartner Forecasts Worldwide Public Cloud End-User Spending to Reach Nearly $600 Billion in 2023” Gartner, 2022. Web. <https://www.gartner.com/en/newsroom/press-releases/2022-10-31-gartner-forecasts-worldwide-public-cloud-end-user-spending-to-reach-nearly-600-billion-in-2023>
  3. AAG IT Services. “The Latest Cloud Computing Statistics (updated June 2024)” AAG, 2024. Web. <https://aag-it.com/the-latest-cloud-computing-statistics/>
  4. Cloud Security Alliance. “The Annual SaaS Security Survey Report 2025 Plans and Priorities” Cloud Security Alliance, June 3, 2024. Web. <https://cloudsecurityalliance.org/artifacts/the-annual-saas-security-survey-report-2025-plans-and-priorities>
  5. “Businesses at Work 2024” Okta, 2024. Web. <https://www.okta.com/businesses-at-work/>
