Report: 44% of Cloud Privileges are Misconfigured

The latest Varonis 2021 SaaS Risk Report covers key trends and challenges organizations face when trying to control unsupervised identities and shadow privileges that can put data at risk across a fragmented SaaS & IaaS environment. Varonis gathered and analyzed data from over 200,000 cloud identities and hundreds of millions of cloud assets for the report. Of particular note, the report reveals that nearly 44% of cloud privileges are misconfigured.

Other key findings:

  • 3 out of 4 cloud identities for external contractors remain active after they leave.

  • 3 out of 5 users are shadow admins.

  • 15% of employees transfer business-critical data to their personal cloud accounts.

Other cyber experts shared what they are seeing in terms of SaaS security risk.

Brendan O’Connor, CEO and Co-Founder at AppOmni:

"The misconfiguration and access problems we’re seeing now aren’t new - we’re just now waking up to them. When it comes to SaaS applications, the landscape is far more heterogeneous than the consolidated on-prem technologies organizations may have used in the past. Unlike being able to focus on just a couple of key technologies, like Windows and Mac, or Android and iPhone, most enterprises use dozens or even hundreds of different SaaS applications. This means that security teams won’t be able to specialize in these technologies in the same way.

Another challenge for security teams is the dynamic nature of cloud and SaaS platforms. In addition to standard business updates - like adding or removing users or changing permissions - there are also frequent vendor releases that often include both new functionality and new security settings. The constant change inherent in cloud and SaaS platforms makes them especially vulnerable to configuration drift.

AppOmni’s research has revealed results similar to Varonis’s data. Our data shows that more than 95% of businesses have ext