Axonius, a leader in cybersecurity asset management and SaaS management, released the results of a new study focused on SaaS usage among enterprises across the United States, the United Kingdom and Europe. The data highlight a difference between the consumption and security of SaaS applications. In fact, most respondents (74 percent) reported more than half of their applications are now SaaS-based, and 66 percent reported spending more on SaaS applications today than a year ago.
However, amid rising adoption and increasing costs, most organizations reported SaaS security lagged in urgency and priority. Of those surveyed, 60 percent ranked SaaS security fourth or lower on their list of current security priorities, and only 34 percent cited being worried about the costs associated with rising SaaS-based app usage.
“The biggest concern with SaaS adoption right now is that most organizations are underestimating the number of SaaS applications that exist within their environment,” said Dean Sysman, CEO and co-founder of Axonius. “SaaS offers numerous benefits, including more flexibility, accessibility, productivity gains, and more – anyone can register for a SaaS app and connect it to work data. But that also presents enormous risk.
“IT and security teams already struggle to identify the assets that exist within their organizations,” Sysman continued. “SaaS apps further complicate their ability to gain visibility into data and interconnectivity, manage configurations, and close security gaps, as well as track licensing, usage, and spend.”
Sixty-six percent of organizations surveyed acknowledge the increase in SaaS applications has resulted in more complexity and increased security risk in their organizations. But when asked why security isn’t more of a concern, organizations pointed to limited time and resources (28 percent), pressure to focus on other issues from the C-Suite (23 percent), and staffing shortages (15 percent).
The consequences of insecure SaaS environments already are being seen. In March, identity and access management industry leader, Okta, announced its platform was the victim of a targeted security attack. In April, GitHub Security announced an investigation into abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI.
To address SaaS security risks, organizations may need to rethink their priorities and adopt a different approach to SaaS security.
To learn more about the survey results and how to make SaaS security a bigger priority for your organization in the coming year, register for Axonius’ webinar, “The Truth About SaaS: Why No One Cares About Security (Yet),” which is scheduled for Oct. 3, Axonius will be joined by Jerich Beason to discuss how a modern, comprehensive approach to SaaS security, like Axonius SaaS Management, can help solve SaaS challenges.
Additional survey results can be found on the Axonius blog. For more, visit Axonius.com.