Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Career Intelligence
    • Cyber Tactics
    • Cybersecurity Education & Training
    • Leadership & Management
    • Security Talk
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Interactive Spotlight
    • Photo Galleries
    • Podcasts
    • Polls
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecuritySecurity Enterprise ServicesSecurity Leadership and ManagementLogical Security

Why context matters in the future of enterprise security

By Guy Guzner
green code on computer screen

Image via Pixabay

December 27, 2023

In 2022, human error was responsible for 82% of all breaches, reinforcing a lingering problem across the cybersecurity landscape. CISOs can invest in the latest technologies and solutions to secure the perimeter, endpoints, and applications only to have human negligence open the proverbial door for bad actors. Enterprises often see employees as their greatest vulnerability and as being victims of outside threats, but sometimes the latter is not true.

According to Gartner, over 90% of employees who engaged in insecure work actions did so knowing it would increase risk to the organization. This revelation is shocking and dangerous in its own right, but will only worsen as employees are increasingly given — often unknowingly — more freedom over the technologies they use for work. The proliferation of software as a service (SaaS) in organizations effectively democratizes information technology (IT) departments in the same way that social media did for news. In the same survey, Gartner estimates 75% of employees will acquire, modify, or create technology outside IT’s visibility by 2027, up from 41% in 2022. 

CISOs have little hope of keeping pace with broadening attack surfaces if they don’t make significant investments in human-centric security technologies that focus on improving real-time employee decision-making.

SaaS sprawl emboldens employees to take tech into their own hands

The rampant growth of SaaS within organizations, or “SaaS Sprawl,” is not a new trend, but its escalating impact on the future of enterprise security cannot be overstated. On average, a single company uses 254 SaaS applications. Due to increased connectivity and use of SaaS/cloud applications, resource-strapped security teams are now responsible for covering a wider attack surface and need a way to maintain visibility and control apps from a central source. However, this is challenging when shadow SaaS accounts for more than half (51%) of the applications in the average portfolio. Security operations cannot secure what they cannot see.

The blocking fallacy

Even when accounting for unsanctioned SaaS that is visible to security operations (SecOps), blocking user access continues to be an ineffective method for improving cyber hygiene. Take, for instance, the banning of ChatGPT by major companies like Apple, Amazon and Samsung. There are many good reasons for this reaction given the obscure IP rights around AI, privacy concerns, and more, but does blocking really achieve the desired outcome? If a security team blocks employees from logging-in using work credentials, they can find ways to leverage a solution outside of the network with the same sensitive data. Restricting access becomes increasingly unrealistic given the growing number of ways to evade protections. 

The long-term answer for large companies with enough resources is to build their own in-house AI models to provide the same level of support with none of the external security concerns, but that will take time. Companies can help employees make better decisions now.

Since the birth of browser-based security, the most closely-related discipline to securing SaaS, blocking websites and restricting activities have been the primary methods for thwarting phishing scams and ransomware attacks. However, this drives user frustration because the enterprise is, in some cases, eliminating a preferred action with no explanation as to why and no alternative. Enterprises must begin blocking with an explanation or allowing activities under certain controllable circumstances. In both instances, companies are providing context or a solution.

Using the same aforementioned ChatGPT example, organizations can instead implement just-in-time guidance on user workspaces alerting them of an insecure action and forcing an alternative option that satisfies both security teams and workers. Employees can be directed to select a comparable service that is acceptable, offer different security options within ChatGPT or be told to avoid using specific words or phrases when inputting prompts. 

Most emerging SaaS security technology focuses on alerting users of a wrongful action after-the-fact; but this doesn’t solve the problem because it’s unlikely to become a learned behavior. It’s why cybersecurity awareness training continues to be ineffective with only 10% of all employees remembering all of the training when it comes time to use it.

Preemptive alerts accompanied by explanations are also excellent for phishing scams, improving password etiquette, and other areas of cybersecurity outside of just SaaS permissions. If an employee is about to click on a problematic link, intuitive software can stop the action, explain the reason, and suggest an alternative that does not compromise security. 

Additionally, it can significantly help with the rampant misuse and reuse of passwords that creates easy targets to infiltrate systems. Even something as simple as reminding employees to use single sign-on (SSO) for all federated SaaS applications helps maintain compliance and allows security teams to improve visibility. Average employees aren’t aware of how important password behaviors are to overall security posture.

With SaaS sprawl continuing to plague organizations, ensuring basic cyber hygiene becomes more important than ever. There is decades of evidence that employees continue to be the weakest link in an organization's security posture, regardless of how advanced cybersecurity technology has become. Moving forward, CISOs need to focus on effective methods to help employees feel a part of the solution instead of trying to remove them as a problem.

KEYWORDS: artificial intelligence (AI) Artificial Intelligence (AI) Security cyber hygiene machine learning software as a service (SaaS)

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Guy Guzner is Co-Founder and CEO of Savvy.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Cyber tech background

    Security’s Top Cybersecurity Leaders 2026

    Security magazine’s Top Cybersecurity Leaders 2026 award...
    Top Cybersecurity Leaders
  • Iintegration and use of emerging tools

    Future Proof Your Security Career with AI Skills

    AI’s evolution demands security leaders master...
    Security Education & Training
    By: Jerry J. Brennan and Joanne R. Pollock
  • The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report surveys enterprise...
    The Security Benchmark Report
    By: Rachelle Blair-Frasier
Manage My Account
  • Security Newsletter
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Popular Stories

Hand reaching up out of the ocean

What I Learned About Burnout the Hard Way (and How to Actually Fix it)

Officers at an event

The 2026 FIFA World Cup Will Test Security Operations Like Never Before

Colorful laptop

Organizations Think They Know Who’s Visiting Their Sites. They Don’t.

Glasses in front of coding on screen

5 Ways Quantum and AI Will Rewrite the Rules of Cyberattacks

Sewer

Why Are People Entering NYC’s Sewers at Night?

SEC 2026 Benchmark Banner

Events

July 8, 2026

The 2026 Security Maturity Benchmark Report: Insights From Senior Security Leaders

LIVE: July 8, 2026 at 2 pm EDT In this webinar, speakers will share key insights from the report, including why today’s threat environment demands greater maturity and how to evaluate your organization’s current security posture.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products


Alertmedia sponsored webinar

Related Articles

  • SEC0319-Cover-Feat-slide1_900px

    Robots and Drones -- the Future of Enterprise Security?

    See More
  • Cloud icon

    The future of enterprise protection: Integrated data security platforms

    See More
  • Diamond tunnel

    Thriving in 2030: The future of compliance and risk management

    See More

Related Products

See More Products
  • Physical Security and Safety: A Field Guide for the Practitioner

  • Hospitality Security: Managing Security in Today's Hotel, Lodging, Entertainment, and Tourism Environment

See More Products

Events

View AllSubmit An Event
  • April 8, 2026

    The Future of Executive Protection: Layering Technology, Intelligence, and Response

    ON DEMAND: Digital threats to executives and other high-profile employees are evolving faster than most corporate protection programs. Learn why modern executive protection programs require data-driven, intelligence-led strategies to keep up with today’s threats.
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • Newsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2026. All Rights Reserved BNP Media, Inc. and BNP Media II, LLC.

Design, CMS, Hosting & Web Development :: ePublishing