Brianna White

Administrator
Staff member
Jul 30, 2019
4,655
3,456
Many organizations are unprepared for the escalating threat of cybersecurity attacks and breaches, particularly in the context of Software as a Service (SaaS) applications. Despite the widespread adoption of SaaS for core business functions, there is a significant lack of awareness regarding the associated risks.

Recent research highlights that 96.7% of organizations experienced a security incident with at least one SaaS application in the past year. Additionally, 8,500 applications now incorporate generative AI (GenAI) capabilities, many of which can train on user data, posing further security concerns.

The slow adoption of SaaS security measures and impending regulatory changes could leave organizations vulnerable. Regulations such as NY-DFS in the U.S. and DORA in the EU mandate rapid reporting of security events in SaaS supply chains, underscoring the need for speed in cybersecurity responses.

Key Risks in SaaS Adoption:
  1. SaaS Invisibility: Unauthorized use of SaaS applications is widespread, with nearly half of these apps used by a single employee without oversight. Employees often accept terms and conditions without understanding the risks, potentially exposing sensitive company data to numerous SaaS providers.
  2. SaaS Security Responsibility: While securing SaaS configurations is crucial, the responsibility often falls on both the SaaS provider and the employees. Security teams must quickly identify and address incidents, ensuring compliance with regulations and maintaining security standards.
The Need for Speed in SaaS Security:

Manual processes for monitoring and protecting SaaS are inadequate. To meet the 72-hour notification requirement, security measures must be efficient and not overly dependent on human intervention. Best practices for SaaS security should include:
  • Speed in Supply Chain Change Detection: Regular checks are essential but not enough. Rapid changes in the SaaS supply chain necessitate immediate risk management processes.
  • Speed in Risk Assessment: With over 300,000 SaaS applications available, a streamlined security approach is needed to facilitate quick decision-making within business units.
In conclusion, organizations must enhance their SaaS security practices to address these challenges effectively and comply with regulatory requirements. How are you or your organization enhancing the SaaS security practices?

Read the article: https://www.forbes.com/sites/forbes...-security-speed-to-keep-pace-with-saas-risks/