The Annual SaaS Security Survey Report: 2024 Plans & Priorities

All rights reserved to Adaptive Shield & Cloud Security Alliance

Contents

Key Findings
Survey Creation and Methodology
Data & Discussion
    SaaS Security Incidents on the Rise
    Current SaaS Security Strategies and Methodologies Don't Go Far Enough
    Stakeholder Spread in Securing SaaS Applications
    How Organizations Are Prioritizing Policies & Processes for Their Entire SaaS Security Ecosystem
    Investment in SaaS and SaaS Security Resources Are Drastically Increasing
Demographics
Appendix A: Survey Results
Acknowledgements
About the Sponsor

Key Findings

1. SaaS Security Incidents on the Rise

55% of organizations report that they experienced an incident in the past two years, with another 12% unsure. These findings underscore that companies are coming to understand the harsh reality that common on-prem types of attacks, such as ransomware, malware, and data breaches, can also occur in their cloud SaaS environments.

2. Current SaaS Security Strategies and Methodologies Don't Go Far Enough

The survey finds that over half (58%) of organizations estimate their current SaaS security solutions only cover 50% or less of their SaaS applications. It's becoming clear that manual audits and CASBs are not enough to protect companies from SaaS security incidents.

3. Stakeholder Spread in Securing SaaS Apps

CISOs and security managers are shifting from being the controllers to governors as the ownership of SaaS apps is spread out through all the different departments of their organization. Alignment, communication and collaboration are key to being able to secure the organization's SaaS stack.

4. How Organizations Are Prioritizing Policies & Processes for Their Entire SaaS Security Ecosystem

SaaS security continues to adapt to encompass the expanding broad range of concerns in the SaaS Ecosystem, including SaaS Misconfigurations, SaaS-to-SaaS Access, Device-to-SaaS Risk Management, Identity and Access Governance, and Identity Threat Detection & Response (ITDR). Organizations are putting robust policies, processes, and capabilities in place that are essential for protecting these different domains.

5. Investment in SaaS and SaaS Security Resources Are Drastically Increasing

66% of organizations have increased their investment in apps, with 71% increasing their investment in security tools for SaaS. More specifically, the survey shows that adoption of SaaS Security Posture Management (SSPM) solutions has grown significantly, increasing from 17% in 2022 to 44% in 2023. This can be attributed to the fact that SSPMs provide coverage in areas where other methods and strategies have fallen short, offering more comprehensive protection against various security risks throughout the whole SaaS Security Ecosystem.

Survey Creation and Methodology

Goals of the Study

The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to widely promote best practices for ensuring cybersecurity in cloud computing and IT technologies. CSA also educates various stakeholders within these industries about security concerns in all other forms of computing. CSA's membership is a broad coalition of industry practitioners, corporations, and professional associations. One of CSA's primary goals is to conduct surveys that assess information security trends. These surveys provide information on organizations' current maturity, opinions, interests, and intentions regarding information security and technology.

Adaptive Shield commissioned CSA to develop a survey and report to better understand the industry's knowledge, attitudes, and opinions regarding SaaS application use, SaaS security policies and processes, SaaS threats, and SaaS security strategy/solutions. Adaptive Shield financed the project and co-developed the questionnaire with CSA research analysts. The survey was conducted online by CSA in March of 2023 and received 1130 responses from IT and security professionals from organizations of various sizes and locations. CSA's research analysts performed the data analysis and interpretation for this report.

The primary objectives of the survey were to gain a deeper understanding of several critical aspects of SaaS security in organizations.

- Current SaaS application use in organizations
- Organizations' security policies and processes regarding SaaS applications
- Awareness and experience with SaaS threats
- Current and future use of security solutions

Data & Discussion

In today's digital landscape, SaaS security is of critical importance for organizations of all sizes. As businesses increasingly move their operations and data to the cloud, or more specifically SaaS applications, the security of these apps becomes paramount. While SaaS applications are secure by design, the way they are configured and governed is what poses a risk. Without proper security measures, organizations are exposed to data breaches, cyber-attacks, and other security incidents that can result in significant financial and reputational damage. Understanding SaaS security is therefore essential for organizations to protect themselves from these risks. It's with this backdrop that this survey returns, delving into the intricacies of SaaS security and offering a follow-up to last year's report. Below are this year's findings and insights.

Key Finding #1
SaaS Security Incidents on the Rise

The survey reveals a significant increase in security incidents within the SaaS ecosystem, with 55% of organizations reporting that they experienced an incident in the past two years, up 12% from the previous year. About a third (32%) of respondents stated that they hadn't encountered a SaaS security incident within the same period, while 12% were unsure. The findings underscore that many companies are coming to understand the harsh reality that common on-prem types of attacks, such as ransomware, malware, and data breaches, can also occur in their SaaS environments.

[Figure: Has your company experienced a SaaS application security incident within the past two years? Yes: 55%. No: 32%. Unsure: 12%.]

[Figure: What type of security incident(s) have you experienced? Categories: Data Leakage, SaaS Ransomware, Data Breach, Malicious Apps, Corporate Espionage, Insider Attack. Values shown: 58%, 11%, 40%, 41%, 47%, 32%.]

Among the most prevalent SaaS security incidents reported were data leakage (58%), malicious apps (47%), data breaches (41%), and SaaS ransomware (40%), highlighting the growing need for robust security measures and increased awareness of the potential risks associated with the expanding SaaS landscape.

Key Finding #2
Current SaaS Security Strategies and Methodologies Don't Go Far Enough

Insufficient Monitoring of SaaS Applications

A key contributor to the noted increase in SaaS security incidents, the findings from the survey suggest that a significant number of organizations are falling short when it comes to implementing effective SaaS security measures. Many companies are using security solutions that do not cover their entire SaaS stack, leaving their applications and data exposed to cyber threats. Specifically, the survey found that over half (58%) of organizations estimate their current SaaS security solutions only cover 50% or less of their SaaS applications.

Percentage of the SaaS applications monitored by SaaS security solutions

- 25% of the stack is monitored: 28% of organizations
- 50% of the stack is monitored: 33% of organizations
- 75% of the stack is monitored: 20% of organizations
- None of them monitored: 6% of organizations
- Unsure: 6% of organizations
- 100% of the stack is monitored: 7% of organizations

CASBs and Manual Audits Falling Short for SaaS Security

Many organizations rely on Cloud Access Security Brokers (CASBs) and manual audits to secure their SaaS applications. However, these methods are proving to be insufficient in a number of key areas. Additionally, manual audits expose company data between audits, leaving organizations at risk for security incidents during those gaps. These findings indicate that organizations need to reevaluate their security strategies and invest in more comprehensive solutions and strategies that provide full coverage across their SaaS ecosystem to reduce the risk of security incidents. This is also likely what is contributing to the increased use of SaaS Security Posture Management (SSPM) tools.

What percentage of organizations are getting full SaaS security coverage from CASB and manual audits?

- Identity and Access Governance: 15% CASB, 14% Manual Audits
- SaaS Threat: 11% CASB, 13% Manual Audits
- Data Loss Prevention: 14% CASB, 13% Manual Audits
- 3rd Party App Discovery: 10% CASB, 10% Manual Audits
- SaaS User Device Risk Management: 12% CASB, 11% Manual Audits
- SaaS Misconfigurations: 10% CASB, 10% Manual Audits

These findings highlight the pressing need for companies to reassess their security solutions and ensure they provide comprehensive coverage across their entire SaaS ecosystem. By doing so, organizations can significantly reduce their risk of security incidents, including data breaches, ransomware attacks, and other types of cyber-attacks. Ultimately, this will help to safeguard their reputation and maintain the trust of their customers.

Key Finding #3
Stakeholder Spread in Securing SaaS Applications

In addition to monetary investments in tools, security, and staff, organizations are increasingly involving numerous stakeholders in the process of securing business-critical applications. Across a typical organization, a wide array of SaaS apps are used, from file sharing and collaboration apps to CRM, project and work management, marketing automation, and many more. SaaS apps fill a variety of niche roles, yet this stakeholder spread complicates the threat landscape.

Now, CISOs and security managers are shifting from being the controllers to governors of SaaS app security, and the survey shows how many of those engaged in security governance hold executive-level positions or serve as department heads, indicating that businesses are taking SaaS security seriously. The involvement of key decision-makers underscores the growing recognition of the critical role that SaaS security plays in protecting valuable assets and ensuring operational continuity.

However, with so many individuals involved, it can become challenging to determine who is ultimately responsible for SaaS security. SaaS applications often require close collaboration between the security team and app owners, as the security team may not always have direct access to the SaaS app. This necessitates processes and tools that can bridge the gap and actively engage app owners, who are crucial for effective SaaS security management. By fostering a collaborative environment and implementing solutions or strategies that facilitate communication and coordination between security teams and app owners, organizations can create a more robust and streamlined approach to securing their business-critical applications. This, in turn, will help minimize potential threats and ensure a higher level of protection against the ever-evolving landscape of SaaS security threats.

Titles involved in securing business-critical apps

- Head of Security: 43%
- Cloud Security Architects: 42%
- Security Operations: 39%
- IT: 38%
- Business Application Owner: 29%
- CIO: 26%
- GRC Team: 16%
- I don't know/Other: 4%

Key Finding #4
How Organizations Are Prioritizing Policies & Processes for Their Entire SaaS Security Ecosystem

Over the past year, the focus of SaaS security has evolved significantly, driven by factors such as increased investment in business-critical SaaS applications, a rise in security incidents, and the growing number of threat actors targeting SaaS apps. Previously, organizations and security tools, like SSPMs, were primarily focused on misconfiguration management. However, SaaS security has adapted to encompass a broader range of concerns, including SaaS-to-SaaS Access, Device-to-SaaS Risk Management, Identity and Access Governance, and Identity Threat Detection & Response (ITDR).

SaaS Policies and Procedures

With the rising importance of SaaS in the business landscape, having robust policies, processes, and capabilities in place is essential for protecting an organization's SaaS stack and the data it contains from threat actors. Organizations are now putting measures in place to address key areas. The data below presents what organizations are starting to prioritize when securing their SaaS stack throughout the different domains of the SaaS Security Ecosystem.

Misconfiguration Management

Addressing misconfiguration issues is vital to protect an organization's SaaS stack from misconfigured security settings that can be exploited by threat actors. The main priorities for misconfiguration management of respondents include:

- Communication and collaboration between security and app owner teams
- Detailed fixes and mitigation of misconfigurations
- Prioritization based on the application, security domain, and risk level

With a strong system and process in place, these high-impact areas can help reduce the SaaS attack surface.

These priorities reflect the need for strong systems and processes in place to protect against third-party app access threats.

SaaS Identity and Access Governance

Proper identity and access governance is essential for safeguarding sensitive data within the SaaS ecosystem. The priorities in Identity and Access Governance in organizations today include:

- Ensure each user has the right level of access needed
- Notification of Admin access
- Detect dormant accounts to quickly ensure the deprovisioning of their access to SaaS if needed
- Detect users that have been disabled in the Active Directory but still have access to SaaS applications
- Authentication practices (e.g., key management, certificate management)

Is your security team able to identify and manage us