Manual vs. SSPM: Research on What Streamlines SaaS Security Detection and Remediation

Originally published by Adaptive Shield.

Written by Zehava Musahanov, Adaptive Shield.

When it comes to keeping SaaS stacks secure, IT and security teams need to be able to streamline detection and remediation of misconfigurations in order to best protect their SaaS stack from threats. However, while companies adopt more and more apps, their increase in SaaS security tools and staff has lagged behind, as found in the 2022 SaaS Security Survey Report.

‍The survey report, done in collaboration with CSA, dives into how CISOs today are managing the growing SaaS app attack surface and the steps they are taking to secure their organizations. While there are 7 significant takeaways from the report, this blog takes a closer look at the 5th finding - how the use of an SSPM reduces the amount of time it takes to to detect and remediate SaaS misconfigurations.

‍The report finds that at least 43% of organizations have experienced a security incident as a result of a SaaS misconfiguration, however with another 20% being “unsure”, the real number could be as high as 63%. These numbers are particularly eye-opening when compared to the 17% of organizations experiencing security incidents due to an IaaS misconfiguration. Bearing this in mind, the question follows: how fast are SaaS misconfigurations detected and how long does it take to remediate the issue? In order to answer these questions, it's important to make a distinction between organizations that have implemented an SSPM solution and those that have not.

Manual Detection and Remediation

For organizations that are yet to onboard an SSPM, the IT and security teams can only manually check the apps’ many configurations to secure their SaaS stack. This means security teams need to not only be on top of remediating misconfigurations but also conducting regular security checks in order to manually detect any of these misconfigurations. The longer either of these actions take to be completed, the longer the company is exposed to threats.

‍One of the major problems for organizations’ security teams is the overwhelming amount of manual work. Companies today are reliant on dozens upon dozens of business-critical apps each with hundreds of configurations, which then need to be set according to the hundreds to thousands of employees.

Nearly half (46%) of the survey respondents, as seen in figure 2, check their SaaS security monthly or less frequently, and another 5% don’t check at all. It seems that security teams are overwhelmed with the workload, and are struggling to stay on top of all the settings and permissions. As organizations continue to adopt more and more apps, their gap of visibility into all configurations grows.

Figure 2. Frequency of SaaS Security Configuration Checks

When a security check fails, security teams must then go in and understand why exactly the check failed and the best course of action to fix it. Approximately 1 in 4 organizations, as seen in figure 3, take one week or longer to resolve a misconfiguration when remediating manually. Overall, security teams trying to manage their SaaS security are not only overwhelmed but are also in turn leaving the organization exposed for a longer period of time.

Figure 3. Length of Time to Fix SaaS Misconfigurations

How SSPM Fast Tracks Remediation and Detection

Organizations using SSPM are able to conduct security checks more often and remediate misconfigurations within a shorter time frame. An SSPM enables security teams to conduct frequent checks in compliance with both industry standards and company policy. The 2022 SaaS Security Survey Report found that the majority of these organizations (78%) run security checks once per week or more often, as seen in figure 4.

Figure 4. Comparison of Frequency of SaaS Security Configuration Checks

When a misconfiguration is detected, 73% of organizations using an SSPM resolved it within a day, and 81% resolved it within the week, as seen in figure 5. A good SSPM solution however will not only evaluate failed security checks caused by misconfigurations, but will also assess risk and configuration weakness — and provide exact instruction on how to remediate the issue.

Figure 5. Comparison of Length of Time to Fix Misconfigurations

Conclusion

SSPM not only reduces the workload on security teams, but also eliminates the need for them to be experts on each SaaS app and its settings. The data presented in the 2022 SaaS Security Survey Report highlights the drastic differences between companies using SSPM and those not, showing how valuable SSPM is to SaaS security detection and remediation.