SaaS misconfigurations lead to cybersecurity incidents

Software as a Service (SaaS) has become a critical element of business operations around the globe. However, their benefits often come at a price, as SaaS has led to security incidents across organizations.

The Cloud Security Alliance (CSA), a nonprofit promoting cybersecurity best practices, found that 43% of organizations have dealt with one or more security incidents caused by a SaaS misconfiguration. The CSA 2022 SaaS Security Survey Report identified cybersecurity challenges connected to Software as a Service.

According to the report, the main causes of SaaS security incidents are a lack of visibility into SaaS security setting shifts (34%) and too many departments being allowed access to SaaS security settings (35%). Forty-six percent of cybersecurity teams tasked with securing SaaS and monitoring for misconfigurations can only check for SaaS vulnerabilities on a monthly basis.

"SaaS ecosystems are becoming more difficult for security teams to configure correctly because the size, scope and complexity of enterprise SaaS ecosystems are increasing rapidly. Some of the largest SaaS platforms have essentially become a new breed of operating system for the business," said Brendan O'Connor, CEO and Co-Founder of AppOmni.

"Enterprises typically use dozens or even hundreds of SaaS platforms across their organization. Unfortunately when it comes to security, there is very little standardization across SaaS vendors, which leaves resource-constrained security teams scrambling to understand the security and configuration nuances of each SaaS platform."

For more report findings, click here.

Madeline Lauver is the Editor in Chief of Security magazine. Lauver joined Security in 2021 as its Assistant Editor, and she covers news affecting enterprise security leaders, including physical security, cybersecurity, leadership and management, risk and resilience and more. Within her role at Security, Lauver focuses on news articles, web exclusives, features and several departments for Security’s monthly digital edition, as well as managing social media and multimedia content. Lauver graduated in 2019 with a B.A. in English, German and Media Studies from Kalamazoo College.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.