66% of organizations report spending more on SaaS apps than IaaS, yet SaaS security not yet a top three priority
NEW YORK — August 31, 2022 — Axonius, the leader in cybersecurity asset management and SaaS management, today released the results of a new research study focused on SaaS usage among enterprises across the United States, United Kingdom, and Europe. The data highlights a striking difference between consumption and security of SaaS applications. In fact, the majority of respondents (74%) reported more than half of their applications are now SaaS-based, and 66% reported spending more on SaaS applications today than a year ago.
But amid rising adoption and increasing costs, most organizations reported SaaS security lagged in urgency and priority. Of those surveyed, 60% ranked SaaS security fourth or lower on their list of current security priorities, and only 34% cited being worried about the costs associated with rising SaaS-based app usage.
“The biggest concern with SaaS adoption right now is that most organizations are underestimating the number of SaaS applications that exist within their environment,” said Dean Sysman, CEO and co-founder of Axonius. “SaaS offers numerous benefits, including more flexibility, accessibility, productivity gains, and more - anyone can register for a SaaS app and connect it to work data. But that also presents enormous risk. IT and security teams already struggle to identify the assets that exist within their organizations. SaaS apps further complicate their ability to gain visibility into data and interconnectivity, manage configurations, and close security gaps, as well as track licensing, usage, and spend.”
66% of organizations surveyed did admit the increase in SaaS applications has resulted in more complexity and increased security risk in their organizations. But when asked why security isn’t more of a concern, organizations pointed to limited time and resources (28%), pressure to focus on other issues from the C-Suite (23%), and staffing shortages (15%).
“The appetite for SaaS will only continue to grow, further exacerbating data sprawl and security implications,” said Jerich Beason, Commercial Bank CISO and Axonius advisor. “These risks are no longer hypothetical, and without full visibility into the SaaS application landscape, organizations will continue to find themselves vulnerable to data loss from shadow SaaS, non-compliance with federal and industry regulators, and financial strain from lack of insight into organizational spend. Businesses can no longer wait to rein in SaaS complexity.”
We’re already witnessing the consequences of insecure SaaS environments. In March, identity and access management industry leader, Okta, announced that its platform has been the victim of a targeted security attack. In April, GitHub Security announced an investigation into abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI. To address SaaS security risks, organizations may need to rethink their priorities and adopt a different approach to SaaS security.
To learn more about the survey results and how to make SaaS security a bigger priority for your organization in the coming year, register for our upcoming webinar, “Why SaaS Security Is a Priority (Even If You Don’t Know It Yet).” Taking place on October 3, 2022, Axonius will be joined by Jerich Beason to discuss how a modern, comprehensive approach to SaaS security, like Axonius SaaS Management, can help solve your SaaS challenges.
You can also see more of the survey results in our infographic by visiting the Axonius blog.
This survey was completed by Savanta in H1 2022. More than 500 senior decision makers from the US, the UK, and Europe were polled.
Axonius gives customers the confidence to control complexity by mitigating threats, navigating risk, automating response actions, and informing business-level strategy. With solutions for both cyber asset attack surface management (CAASM) and SaaS management, Axonius is deployed in minutes and integrates with hundreds of data sources to provide a comprehensive asset inventory, uncover gaps, and automatically validate and enforce policies. Cited as one of the fastest-growing cybersecurity startups, with accolades from CNBC, Forbes, and Fortune, Axonius covers millions of assets, including devices and cloud assets, user accounts, and SaaS applications, for customers around the world.