Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Leadership and ManagementLogical SecuritySecurity & Business Resilience

How to secure organizational SaaS and increase third-party visibility

By Andréa Jacquemin
software visibility

Image from Pixabay

August 16, 2022

From office productivity software to team collaboration solutions, there has been an explosion in the availability and use of Software as a Service (SaaS) applications in recent years. The pandemic has contributed to this growth, with the agile and hybrid nature of SaaS matching up perfectly with the hybrid working style.

For every company with more than 1,000 employees, there are on average several hundred SaaS solutions in use, representing several million dollars in annual costs. However, the costs might not end there, with the apps being installed and used outside the scope of corporate governance players. This exposes such organizations to the unexpected risk of cybersecurity breaches.

The great cybersecurity danger of shadow IT

It’s known that hundreds of SaaS apps are being purchased, with 30-40% of the information technology (IT) budget being spent on software or apps the IT team doesn’t know about. And the rapid growth of the SaaS market continues, with 70% of chief information officers (CIOs) claiming that agility and scalability are two of the top motivators for using SaaS applications.

Staff members might subscribe to the use of SaaS apps with positive intentions such as the improvement of efficiency and productivity. However, the process of underground digitalization (or shadow IT) is typically undertaken with a lack of regard for security, data protection and digital sovereignty.

It’s more important than ever for companies to ensure SaaS visibility, regain control of their IT ecosystems and protect their data.

Words of warning for digital businesses

The need for enhanced SaaS monitoring has been emphasized by the CISA’s Shields Up notice, urging American organizations to step up their cyberattack prevention and defense tactics due to the risks associated with Russia’s invasion of Ukraine.

The scale of cybersecurity risks is certain to grow in line with the wider adoption of SaaS. It will become increasingly common to use such applications for the storage, processing and sharing of sensitive and personal data.

From government agencies to public service organizations and energy suppliers, there are a broad range of institutions that might fall prey to cyberattacks.

Organizational reputations may be affected at the very least, while other repercussions may include the loss of users, sales and profits.

The scale of the issue has been emphasized over time — even back in 2013, 80% of workers admit to using SaaS applications at work, despite not having the IT department's approval.

Increasing SaaS visibility and security

There must be an automatic and continuous method of governance in order to minimize and eliminate the security risks of shadow IT. The CIO should assume a strategic role in enabling decentralized digitalization, with staff members being encouraged to make the best use of digital resources.

A regulatory framework must be maintained, with a focus on the safeguarding of data against cybersecurity breaches. Working in partnership with the executive committee and staff across multiple departments, there should be a shared responsibility for secure digital transformation.

There is a balance to be struck, in allowing employees a certain degree of digital autonomy, while ensuring that they go through the proper channels in the adoption of SaaS.

Designated company app stores can help IT teams maintain SaaS visibility, enabling business teams to choose the best software with guidance in the selection and minimization of organizational risks. Cloud services must be securely configured with measures being taken to protect against the illegitimate access of personal data.

With the majority of jobs being digital, it’s essential for HR and IT to collaborate in the onboarding and offboarding process. There must be a proper framework for the assured identification of governance or compliance issues. Old logins should be deleted in order to prevent criminal access to digital backdoors. Some SaaS subscriptions should be canceled based on the risk to sensitive data, with a central platform being used for monitoring purposes.

As demonstrated, the process of securing an organization's third-party SaaS applications requires effort from stakeholders across the enterprise, which is why a collective commitment to collaboration and compliance is necessary.

KEYWORDS: app cyber security initiatives risk and resilience software software security third-party cybersecurity

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Andréa Jacquemin is CEO and Co-Founder at Beamy.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Leadership and Management
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Leadership and Management
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Technologies & Solutions
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Internal computer parts

Critical Software Vulnerabilities Rose 37% in 2024

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Person working on laptop

Governance in the Age of Citizen Developers and AI

patient at healthcare reception desk

Almost Half of Healthcare Breaches Involved Microsoft 365

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Software-as-a-Service

    How to ensure your SaaS solutions are secure

    See More
  • risk-management-freepik1170x658v568.jpg

    How to make third-party risk management recession-proof in 2023

    See More
  • cyber breach

    Don’t leave third-party risk management to guesswork

    See More

Related Products

See More Products
  • physical security.webp

    Physical Security Assessment Handbook An Insider’s Guide to Securing a Business

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing