In recent years, the number of companies utilizing software as a service (SaaS) solutions has grown exponentially. This has led to what IT experts refer to as the “Saas Sprawl.” Indeed, a recent global survey showed that around 66% of organizations worldwide had spent significantly more on SaaS. Conversely, companies spend less on physical data infrastructure/infrastructure as a service (IaaS).
However, while SaaS spending is up, many companies do not consider it a priority area for cloud security. They ranked SaaS security fourth or lower on the list.
A Need for More Comprehensive Action
Companies consider SaaS Sprawl a security challenge because most of them have little to no visibility of what’s happening in these systems.
According to Charlie Winckless, senior director-analyst for infrastructure protection for research company Gartner, IT security teams hardly ever look at the SaaS applications adopted by an organization or individuals working for such organizations. As a result, IT security has no idea whether or not the app is secure. After all, has never taken a closer look at its controls. Nor has it made decisions as to whether or not it works for the data being placed in it.
Most people deciding whether or not to use SaaS solutions make their purchases based on convenience and accessibility. They do not consider the possible security risks these may pose to their organizations. Winckless added that, in most companies, security is rarely a tech issue. However, organizations can alleviate this by making SaaS part of an organization’s cloud center of excellence. In this case, IT security will need to approve SaaS applications for common use within a company.
Likewise, Winckless recommends that businesses add tools to their cloud which are normally covered by cloud access security brokers (CASBs) once they are aware as to what applications are currently within use throughout their organizations. After all, expert CASBs use flexible and dynamic risk matrices and scores that will help in-house personnel determine the security risk posed by numerous SaaS apps.
For his part, DoControl’s director of products Corey O’Connor opines that security should be at the forefront whenever companies decide to deploy SaaS applications within their organizations. If it isn’t, it is highly possible that leaks in security caused by these applications will lead to a slow down in business workflow. This is the opposite of why SaaS apps are brought in and deployed in the first place.