NEW YORK, May 2, 2024 – Valence Security today released its 2024 State of SaaS Security Report which found that more than half, 58%, of the organizations were affected by a SaaS security incident in the last 18 months. Likely, as a result, 96% of security leaders have made SaaS security a top priority and 93% have increased SaaS security budgets in 2024. In addition, confidence in current SaaS security programs or processes is high, with 84% saying they are very or extremely confident.
“There’s no denying that the ease of SaaS subscriptions and SaaS integrations have helped organizations scale their businesses quickly and increase employee productivity,” says Yoni Shohet, co-founder and CEO at Valence Security. “The goal of this report is to provide a unique and more comprehensive examination of SaaS security by combining survey findings from security leaders with analysis from our own tenants to expose the gaps between security investment and effectively addressing the complexities of SaaS environments.”
Top SaaS Security Challenges
The survey revealed the top security challenges the recipients are experiencing in securing their SaaS applications. Half (50%) identified distributed management of SaaS applications outside of IT/security teams as one of their top 3 challenges. Half (50%) indicated that governing Generative AI adoption is a top challenge. Nearly half (43%) indicated the complexity of SaaS configurations as one of their top challenges.
Shift in Tools to Secure SaaS
Interestingly, when asked which tools their organizations are currently using to protect their SaaS applications, 52% of respondents said they are using a Cloud Access Security Broker (CASB) while 48% said SSPM solutions. While CASBs have been around for over a decade, the fact that SSPMs have a similar adoption rate highlights a significant shift in how organizations address SaaS Security. This is likely due to the realization of CASB limitations to address modern SaaS security risks.
Data Share Risks
The tenant research revealed that 22% of external data shares utilize open links, so “anyone with the link” can access the data. The majority of these open link shares (94%) are inactive, meaning that people have access to these files, folders, recordings, records, etc. when they don’t need access anymore.
Overprivileged Third-Party Integrations
The tenant analysis revealed that 100% of organizations grant full access to sensitive data (emails, files, calendars, source code) to at least one (1) third-party integration and one third (33%) of integrations are granted access to sensitive permissions and data. SaaS-to-SaaS integrations are increasingly targeted by attackers since traditional access controls are less effective when it comes to these non-human identities and organizations typically don’t have the same monitoring capabilities as they have for human identities.
"While a staggering 96% of security leaders prioritize SaaS security, Valence's report shows the complexity of SaaS security," says Chris Steffen, Vice President of Research - Information Security at EMA. "Security executives responded that their SaaS security challenges are hindering effective security and they’re looking for innovative solutions that address these complexities and empower organizations to navigate an evolving SaaS security threat landscape."
Resources
To access the full analysis, download the 2024 State of SaaS Security Report
To learn more about Valence Security, visit the website or request a demo
Follow us on LinkedIn.
Methodology
EMA surveyed 125 senior cybersecurity executives including C-suite executives, vice presidents, directors, and managers from companies ranging from midsize to enterprise across a variety of industries including technology companies, financial services, and manufacturing to determine current trends in SaaS security. Additionally, anonymous data from 2024 collected from hundreds of real enterprise SaaS applications by the Valence SaaS Security Platform was used. Survey results highlighted several notable findings.
