Organizations are increasingly aware of the dangers of using insecure enterprise Software-as-a-Service (SaaS) apps, but that doesn’t stop them from continuing to use SaaS apps on an ad-hoc basis without a proper cybersecurity and data protection strategy.
As a result, these apps still pose a significant security risk to all users, argues a new paper published by AppOmni.
Based on a survey of 644 security decision makers from organisations with more than 2,500 employees across six countries, the report claims that only a third (32%) are confident in the security of their own or their customers' data stored in SaaS apps, down from 42% in 2023. The drop highlights a growing awareness of the challenges that enterprise SaaS apps pose when it comes to data security.
A different perspective
Further reinforcing the same point, nearly everyone (90%) says their organization has policies in place that only allow the use of approved apps. But the problem is, a third (34%) say these policies aren't enforced, up 12% from last year. Additionally, only 27% are confident in the level of security of approved apps.
To make matters worse, a third (34%) don't know how many SaaS apps are deployed within their organization. Half of those who use Microsoft 365 believe they have fewer than 10 applications connected to the platform, but AppOmni data suggests that number exceeds 1,000 connections, a more than 100-fold increase.
Finally, organizations have differing views on responsibility: Half of respondents (50%) believe that the responsibility for securing SaaS apps lies with business owners or stakeholders, while only 15% say it is the cybersecurity team's responsibility.
Brendan O' Connor, CEO of AppOmni, says there's a “clear disconnect” between security self-assessments and actual SaaS risk: “Despite increased awareness and efforts today, the situation is worsening. As breaches keep hitting the news, the number of SaaS exploits has reached 31%, a 5 percentage point increase from last year. The details of these statistics are even worse, and despite increased budgets and efforts, organizations need to do much better to secure their SaaS deployments,” he concludes.