Seventy p.c of enterprises are prioritizing funding in SaaS safety by establishing devoted groups to safe SaaS purposes, as a part of a rising development of maturity on this area of cybersecurity, in keeping with a brand new survey launched this month by the Cloud Security Alliance (CSA).
Regardless of financial instability and main job cuts in 2023, organizations drastically elevated funding in SaaS safety. In reality, the survey discovered, enterprises added headcount to SaaS safety in 2023, rising SaaS safety workers by 56%, in addition to rising budgets by 39%.
 |
| Determine 1: How funding in SaaS safety has shifted from 2022 to 2023 |
The fourth annual SaaS safety survey, “2025 CISO Plans and Priorities,” was performed by the CSA and commissioned by SaaS safety chief Adaptive Defend. A complete of 478 international safety professionals participated within the survey, throughout all verticals. The survey shares their perspective on SaaS safety successes and challenges as CISOs put together to set priorities for 2025.
Obtain the total SaaS safety survey report
Key findings:
SaaS Safety is Extra Vital Than Ever
The survey reveals the rising significance of SaaS safety to organizations, who use SaaS purposes to handle operations and retailer vital knowledge.
“For years, SaaS security has been an afterthought. However, the landscape depicted in this year’s survey paints a dramatically different picture, one where SaaS security has surged to the forefront of corporate agendas,” the CSA stated within the report.
The survey discovered that 80% of organizations are prioritizing SaaS safety with 41% making it a excessive precedence and 39% a reasonable precedence.
 |
| Determine 2: Safety professionals fee the precedence stage of SaaS safety of their group |
70% of Organizations Have Established Devoted SaaS Safety Groups
The emergence of SaaS-specific safety roles was recognized for the primary time within the annual survey, with greater than 70% confirming they’ve devoted groups: 57% p.c reported having a SaaS safety staff of a minimum of two full-time staffers, whereas one other 13% stated they’d one particular person devoted to securing SaaS purposes.
“Dedicated SaaS security teams make sense in an enterprise context. The role of SaaS security is cross-functional, overlaying multiple areas that are rarely touched by just a single team. Due to the nature of SaaS, these teams are involved in identity security, risk management, endpoint security, and threat detection,” the CSA stated within the report.
SaaS Safety Capabilities Are Bettering
Organizations have additionally considerably improved key SaaS safety capabilities in comparison with the earlier yr, the survey discovered. In reality, 62% of organizations now think about their SaaS safety posture to be reasonably to extremely mature.
 |
| Determine 3: How organizations understand their SaaS safety maturity |
Due to buying SaaS safety capabilities, visibility into the SaaS stack is rising. In the present day, 70% of organizations have reasonable (47%) to full visibility (23%) into their SaaS purposes, with these attaining full visibility having greater than doubled over the previous yr, the report stated.
This enhanced oversight is pivotal for efficient configuration and person administration. It additionally performs an important function in figuring out mistakenly or undesirable publicly shared knowledge sources, similar to paperwork and repositories.
Detection capabilities surrounding multi-factor authentication (MFA) assaults have additionally improved from to 62% from 47% a yr in the past. In menace detection, 62% p.c of respondents state their capacity to detect irregular person conduct, in contrast with 44% a yr in the past.
Organizations are Nonetheless Going through Challenges in SaaS Safety Efforts
Whereas organizations have improved SaaS safety oversight, 73 p.c surveyed pointed to attaining visibility into business-critical apps as their greatest problem.
In keeping with respondents, the highest 10 most troublesome apps to safe embrace business-critical apps similar to Microsoft 365, GitHub, Microsoft Groups, Jira, Salesforce, and Google Workspace.
 |
| Determine 4: Prime 10 most difficult purposes to handle from a safety perspective |
Extra challenges embrace monitoring and monitoring safety dangers from third-party linked apps (65%); finding and fixing SaaS misconfigurations (65%); making certain knowledge governance and privateness (63%); and aligning SaaS utility settings with compliance requirements (61%).
 |
| Determine 5: Safety professionals fee the largest challenges in SaaS safety |
Regardless of challenges, SaaS safety funding is paying off
The funding the survey uncovered clearly demonstrates that organizations are taking SaaS safety significantly. In reality, the survey recognized a constructive development: 25% of respondents skilled a SaaS safety incident up to now two years, in contrast with 53% final yr.
The commonest safety incidents reported have been knowledge breaches (52%) and knowledge leakage (50%), adopted by unauthorized entry (44%) and malicious purposes (38%).
 |
| Determine 6: Due to funding in SaaS safety, the variety of breaches declined over the previous yr |
SSPM Customers In a position to Higher Deal with SaaS Safety Challenges
Corporations which have adopted SaaS Safety Posture Administration (SSPM) are faring higher than these utilizing different instruments, similar to CASB and guide audits, to safe the SaaS stack.
These utilizing SSPM are greater than twice as more likely to have full visibility into their SaaS stack — 62% of those organizations are capable of oversee over 75% of their SaaS atmosphere in comparison with those that make the most of different instruments and guide processes of their technique (31%).
SSPM customers have been additionally extra more likely to discover key SaaS Safety duties to be straightforward, whereas non-SSPM customers discovered them to be very onerous.
The survey demonstrates a constructive momentum in SaaS safety technique. From establishing groups to implementation of latest SaaS safety processes and instruments, organizations throughout the board are prioritizing efforts in SaaS safety. The mixing of SSPM emerges as a think about enhancing a corporation’s SaaS safety. The survey highlights the significance of revisiting and refining SaaS safety methods inside organizations to incorporate instruments that particularly deal with SaaS safety. This can assist shore up the present difficulties and deal with safety gaps they’re at present dealing with, thus lowering the chance of a SaaS safety incident sooner or later.
Learn the total SaaS safety survey report now
