Cloud 101CircleEventsBlog
CSA's Continuous Audit Metrics Working Group is expanding! Help shape the future of cloud assurance.

Unmasking SaaS Security: Illuminating Insights from the Adaptive Shield-CSA Survey 2023

Unmasking SaaS Security: Illuminating Insights from the Adaptive Shield-CSA Survey 2023

Blog Article Published: 06/28/2023

Written by Hillary Baron, Senior Technical Director - Research, CSA.

report cover

In the increasingly digitalized world, Software as a Service (SaaS) applications play a pivotal role in businesses of all sizes. As these applications become increasingly important so too does the security. This is the basis for Adaptive Shield and CSA's joint annual survey, providing crucial insights into SaaS security's intricate landscape.

The 2023 iteration of this survey builds upon last year's groundwork, delving deeper into the industry's perceptions, practices, and strategies concerning SaaS security. The survey, conducted by CSA and funded by Adaptive Shield, attracted responses from over a thousand IT and security professionals worldwide. The data yielded intriguing revelations about the current state and future direction of SaaS security.

Unsettling Uptick in SaaS Security Incidents

The survey suggests a notable increase in SaaS security incidents, a trend reflecting the unfortunate reality that threats once limited to on-premises environments have infiltrated the SaaS realm. Data leakage, malicious apps, data breaches, and SaaS ransomware stood out as the most prevalent incidents, indicating an urgent need for strengthened security measures.

Shortcomings in Current SaaS Security Strategies

The findings point to serious deficiencies in the prevailing SaaS security strategies, with many organizations failing to secure their entire SaaS stack. Over half of respondents reported that their current security solutions cover less than 50% of their SaaS applications, amplifying the risk of cyber threats. The efficacy of widely-used methods such as Cloud Access Security Brokers (CASBs) and manual audits was also questioned, underscoring the necessity for a reevaluation and reinforcement of security strategies.

Spreading Stakeholder Responsibilities in SaaS Security

With SaaS applications permeating every aspect of organizations, ensuring their security has evolved into a shared responsibility. Although executive-level involvement illustrates the seriousness with which businesses approach SaaS security, it also complicates the decision-making process. This necessitates effective communication and coordination tools, fostering a collaborative environment that bridges the gap between security teams and app owners.

Struggle to Safeguard the Entire SaaS Security Ecosystem

Organizations continue to grapple with adapting to the evolving threat landscape, focusing more on SaaS security across diverse domains such as misconfiguration management, third-party app access, identity and access governance, user device posture management, and threat detection. Inadequate attention is given to training app users about potential risks in these areas, suggesting a missed opportunity in minimizing the attack surface.

SaaS Investments and Resource Allocation on the Rise

The survey depicts a growing reliance on SaaS resources, with 71% of organizations ramping up their investments in security tools, 68% augmenting their spending on hiring and training staff, and 66% pouring resources into business-critical SaaS applications. This comprehensive approach towards SaaS investment highlights the escalating significance of SaaS and the urgency of adopting effective security solutions such as SaaS Security Posture Management (SSPM) tools.

Growing Adoption of SSPM Tools

The survey recorded a significant surge in the adoption of SSPM tools, with 44% of organizations currently using SSPM, a substantial rise from 17% in 2022. The increased adoption of SSPMs reflects a growing recognition of their comprehensive coverage, providing protection against a broad range of SaaS security risks. 43% of businesses have adopted an SSPM solution in the past year, and 36% are planning to adopt one in the next 18 months. SSPM's capabilities of streamlining and automating various security processes also offer potential for substantial time and cost savings.

In summary, the 2023 Adaptive Shield-CSA Survey paints a vivid picture of the evolving SaaS security landscape, emphasizing the urgency to rethink and reinforce security strategies. It also highlights the ongoing journey many organizations are on which requires consistent efforts, continuous learning, and effective security tools. The insights derived from this survey not only underline the existing challenges, but also shed light on potential solutions, providing a roadmap for businesses to navigate this complex landscape.

However, this blog only scratches the surface of the insights contained in the full 2023 Adaptive Shield-CSA Survey. To gain a comprehensive understanding of the SaaS security ecosystem, we encourage readers to delve deeper into the survey results. Download the full report today.

Share this content on your favorite social network today!