Enterprise brands are relying more heavily on SaaS in 2022 than ever before. However, increasing adoption of SaaS applications may be leading to unintended consequences. According to a survey of enterprise companies by Axonius, 74% of businesses say more than half of their applications are now SaaS-based. Additionally, 66% are spending more on SaaS solutions today than one year ago. However, the rising use of SaaS applications comes with complexities and heightened security risks that many organizations are failing to account for.
In surveying more than 500 senior decision makers at companies in the U.S., U.K., and Europe, Axonius found that 60% ranked SaaS security as fourth or lower on their list of current security priorities. When asked why SaaS security wasn’t a greater concern, decision-makers cited limited time and resources, pressure from the C-Suite to focus on other issues, and staffing shortages.
In an interview, Axonius CEO Dean Sysman said the biggest concern with SaaS adoption in 2022 is that most organizations are underestimating the number of applications that exist within their environments. While SaaS offers many benefits over self-hosted or on-premise software, such as flexibility, accessibility, and productivity gains, it also presents a risk for companies that aren’t up-to-date on the latest compliance and privacy protocols.
“IT and security teams already struggle to identify the assets that exist within their organizations. SaaS apps further complicate their ability to gain visibility into data and interconnectivity, manage configurations, and close security gaps, as well as track, licensing, usage, and spend,” said Sysman.
SaaS spending now accounts for the largest portion of cloud services for organizations in the U.S., according to research from Gartner, with a forecasted $176.6 billion in end-user spending by the end of 2022. In the Axonius study, 66% of enterprises reported spending more on SaaS applications today than a year ago.
The opportunities for SaaS in 2022 are virtually limitless. Communication tools like Slack and Zoom have nearly become a requirement as the number of employees working from home increases, as have task management apps like Notion and Monday.com. With the appetite for SaaS continuing to grow, the risks have become more than just hypothetical.
In an ideal world, SaaS architecture would put the responsibility of managing security onto third-party providers rather than business users. However, most security lapses occur outside the confines of a single SaaS application. Security risks increase when companies link SaaS applications together. With mid-size companies—those with 50 to 99 employees—using an average of 24 SaaS applications, the security implications grow exponentially.
Unsecure SaaS environments open businesses up to targeted security attacks, similar to what happened to GitHub earlier this year. In April, GitHub Security announced an investigation into stolen OAuth user tokens issued to two third-party OAuth integrators.
Addressing SaaS security risks going forward will require companies to rethink their priorities and enact more stringent SaaS security protocols.
Comparing the US to the UK, Axonius found that security is a bigger priority for decision-makers in the UK. Seventy-seven percent of UK respondents said knowing the amount of sensitive data being held in SaaS applications would influence them to prioritize SaaS security, while just 62% of US organizations said the same.
To see the full results of Axonius’s survey, click here.