The latest Varonis 2021 SaaS Risk Report covers key trends and challenges organizations face when trying to control unsupervised identities and shadow privileges that can put data at risk across a fragmented SaaS & IaaS environment. Varonis gathered and analyzed data from over 200,000 cloud identities and hundreds of millions of cloud assets for the report. Of particular note, the report reveals that nearly 44% of cloud privileges are misconfigured.
Other key findings:
3 out of 4 cloud identities for external contractors remain active after they leave.
3 out of 5 users are shadow admins.
15% of employees transfer business-critical data to their personal cloud accounts.
Other cyber experts shared what they are seeing in terms of SaaS security risk.
Brendan O’Connor, CEO and Co-Founder at AppOmni:
"The misconfiguration and access problems we’re seeing now aren’t new - we’re just now waking up to them. When it comes to SaaS applications, the landscape is far more heterogeneous than the consolidated on-prem technologies organizations may have used in the past. Unlike being able to focus on just a couple of key technologies, like Windows and Mac, or Android and iPhone, most enterprises use dozens or even hundreds of different SaaS applications. This means that security teams won’t be able to specialize in these technologies in the same way.
Another challenge for security teams is the dynamic nature of cloud and SaaS platforms. In addition to standard business updates - like adding or removing users or changing permissions - there are also frequent vendor releases that often include both new functionality and new security settings. The constant change inherent in cloud and SaaS platforms makes them especially vulnerable to configuration drift.
AppOmni’s research has revealed results similar to Varonis’s data. Our data shows that more than 95% of businesses have external users that are over-provisioned with access to sensitive data. Additionally, more than 55% of businesses have sensitive data exposed to the anonymous internet. These numbers are unacceptable and should be a red flag to all CISOs and CIOs. As major SaaS platforms like Salesforce, Workday, ServiceNow, and Microsoft 365 evolve and grow in functionality and complexity, businesses should be using automated tools and processes to continuously monitor and manage user permissions and configurations."
Joe Malenfant, Vice President at Vectra:
"We have seen a similar trend around cloud accounts abusing privilege. In 2019, 40% of organizations suffered O365 account takeovers, and with the rapid adoption of cloud services during the global pandemic, that number skyrocketed to 71% having 7 or more account takeovers in 2020. Based on what we have observed in O365, we have expanded our research to include AWS, and subsequently last year were awarded a patent thanks to how we detect privilege account misuse and compromise. Many of the recent ransomware campaigns that have made headlines (as well as those that have not) are credential based attacks. That’s why it is important to focus on detecting malicious use of legitimate applications and services."