A new report from software-as-a-service company DoControl Inc. has found that 40% of all SaaS data access is unmanaged, creating significant insider and external threats.
Described as a wake-up call to chief information officers and chief information security officers and the enterprises they protect, the report details the significant threat of unchecked and named data access by the SaaS provider and how it is often underestimated. The findings came from a study of an average 1,000-person company with data stores of between 500,000 and 10 million assets in SaaS applications. Companies enabling public sharing may face up to 200,000 of these assets being shared publicly.
Cyber experts from around the world weighed in on the data from this report.
Tim Bach, Vice President of Engineering at AppOmni:
"SaaS has become the go-to technology solution in the enterprise over the past decade and is now increasingly important in day-to-day business operations. Applications such as Salesforce, ServiceNow, Workday, Microsoft365, GSuite, Box and Slack support the vital activities of every line of business within the organization. Their ubiquity and convenience make these applications almost invisible to those who rely on them and they are used almost without thought. This transparency creates a paradox, however. By almost any objective criteria—sensitivity of data, importance to business operations, need for data integrity, etc.—these applications and the data they contain are part of the critical IT infrastructure stack. But they receive little attention from administrators responsible for managing and securing critical enterprise IT. SaaS is not typically given the same level of due diligence as IaaS, bare metal, and other elements of the IT infrastructure stack. This leaves organizations vulnerable to leaks and breaches that can compromise the integrity of sensitive information, disrupt operations and damage reputation and market value. We, as security practitioners, need to treat SaaS as critical infrastructure and invest accordingly to secure it."
Howard Ting, CEO at Cyberhaven:
"This should be an immediate wake-up call for the industry. As enterprises move their data to the cloud, the potential exposure of that data mushrooms by orders of magnitude as insiders, p