Mar 04, 2023 marked the launch of Wing Security’s free SaaS-Shadow IT discovery solution, a SaaS Security Posture Management (SSPM) company. Within weeks of launching, over 200 companies enrolled in their self-service free discovery tool, to gain insight into their employees’ SaaS usage. However, a recent report on the findings from hundreds of companies revealed unsettling numbers. 71.4% of companies were using an average of 2.4 SaaS applications that had been breached in the past three months, and 58% of SaaS applications were used by only one employee. Additionally, a quarter of organizations’ SaaS users were external.
These numbers point to the tangible risks of growing SaaS usage, which often prove difficult to govern. IAM/IM systems help organizations regain control over a portion of their employees’ SaaS usage; however, this control is limited to the sanctioned SaaS applications that IT/Security knows about. This is especially true for SaaS applications that don’t require a credit card or offer a free version.
SaaS related risks can be categorized into three different types: applications related, users related, and data related. Applications related risks include those with a low security score, indicating a higher probability of vulnerability, or applications that have recently been compromised but have permissions into the organization’s data. Users related risks are due to employees granting permissions without being aware of the meaning behind them. Data related risks include sensitive files being shared on applications not meant for file sharing, secrets shared on public channels, or massive amounts of files being shared externally and then forgotten about.
It is critical for organizations to have visibility into their employees’ SaaS usage in order to make informed decisions and take remedial actions to mitigate these risks. The expectation is that basic SaaS-Shadow IT discovery should no longer come at a cost, as it should be a fundamental commodity for organizations aiming to secure their SaaS environment.
In conclusion, SaaS usage is growing rapidly and poses significant security risks when ungoverned. Organizations should leverage SSPM solutions to gain visibility into their employees’ SaaS usage and take remedial actions to mitigate against risk. Moreover, basic SaaS-Shadow IT discovery should be a fundamental commodity for organizations, and should no longer come at a cost.
Key Points:
• Mar 04, 2023 marked the launch of Wing Security’s free SaaS-Shadow IT discovery solution.
• A recent report revealed 71.4% of companies using an average of 2.4 SaaS applications that had been breached in the past three months.
• SaaS related risks can be categorized into three types: applications related, users related, and data related.
• It is critical for organizations to have visibility into their employees’ SaaS usage in order to make informed decisions and take remedial actions.
• Basic SaaS-Shadow IT discovery should be a fundamental commodity for organizations, and should no longer come at a cost.