more than 60% of accidents due to incorrect configurations
The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining standards, certifications and best workout contribute to ensuring an environment of cloud secure computing, published the results of its latest survey, the 2022 SaaS Security Survey Report.
Mandated by Adaptive Shield, a company specializing in SaaS Security posture management (SSPM), the survey offers insight into industry knowledge, attitudes and opinions regarding SaaS security and associated misconfigurations.
Cloud Security Alliance highlighted the number of recent data breaches and leaks that have been traced incorrect configurations.
Additionally, according to CSA analysts, although most research related to misconfigurations has focused on levels IaaS and completely ignored the SaaS stack, SaaS security and misconfigurations are just as important, if not more so. when it comes to the overall security of an organization.
The authors of the research therefore sought to gain a better understanding of the use of SaaS applications, how security assessments are conducted, and a general knowledge of the tools that can be used to secure Software as a Service applications.
According to Adaptive Shield, this survey sheds light on what CISOs and cybersecurity leaders want and need when it comes to protect their SaaS stack.
From visibility, to ongoing monitoring and remediation, to other ever-growing critical use cases such as third-party app control and device health monitoring.
Adaptive Shield argues that the SSPM market is maturing rapidly, and it's toward this type of zero trust approach to SaaS where is the market going?
Among the main conclusions of the survey, shared by the Cloud Security Alliance, there is first of all the fact that the Incorrect SaaS configurations lead to security incidents.
At least 43% of organizations report having dealt with one or more security incidents due to a SaaS misconfiguration.
The main causes of software as a service configuration errors are lack of visibility on changes to SaaS security settings (34%) e too many departments with access SaaS security settings (35%).
Investment in critical software-as-a-service applications continues more capable SaaS security tools and personnel.
During the past year, 81% of organizations increased their investments in mission-critical SaaS applications, but fewer organizations reported increasing their investments in security tools (73%) and personnel (55%) for software-as-a-service security.
Manually detect and correct incorrect SaaS configurations leaving organizations exposed.
Almost half (46%) can control only monthly or less frequentlyand another 5% don't check at allwhich means configuration errors can go undetected for a month or more.
Using an SSPM reduces the time it takes to detect and correct software-as-a-service misconfigurations.
Organizations using an SSPM - according to the research authors - can detect and correct their faulty SaaS configurations Faster.
the 78% audited their SaaS security configurations weekly or more, compared to those not using SSPM, for which only 45% was able to check in at least once a week.
The survey, which was conducted with Adaptive Shield, garnered 340 responses from IT and security professionals from organizations of varying sizes, industries, locations and roles.
The sponsors are CSA Corporate Members that support the results of the research project, but have no additional influence on content development or research publishing rights, CSA points out.
Read all of our Software as a Service articles