When it comes to keeping SaaS stacks safe, IT and security teams need to be able to streamline misconfiguration detection and remediation to best protect their SaaS stack from threats. While businesses are increasingly adopting apps, their proliferation of SaaS security tools and workforces is lagging, as evidenced by the 2022 SaaS Security Research Report.
The research report, completed by Adaptive Shield in partnership with Cloud Security Alliance (CSA), delves into how CISOs today are managing the growing attack surface of SaaS apps and the steps they are taking to secure their organizations.
The report shows that at least 43% of organizations have experienced a security incident as a result of incorrect SaaS configuration; however, if another 20% is “uncertain”, the actual number could be as high as 63%. These numbers are particularly striking when compared to the 17% of organizations experiencing security incidents as a result of IaaS misconfiguration.
With this in mind, the question is: how quickly are SaaS misconfigurations detected and how long does it take to fix the problem? To answer these questions, it is important to distinguish between organizations that have implemented an SSPM solution and those that have not.
Manual discovery and recovery
For organizations that don’t already have an SSPM on board, the IT and security teams can only manually check the many configurations of the apps to secure their SaaS stack. This means that in addition to being aware of how to recover from misconfigurations, security teams must also perform regular security checks to manually detect any of these misconfigurations. The longer it takes for one of these actions to complete, the longer the business is exposed to threats.
One of the biggest problems facing organizations’ security teams is the overwhelming amount of manual work. Businesses today depend on dozens and dozens of mission-critical apps, each with hundreds of configurations, which must then be set up based on the hundreds to thousands of employees.
Nearly half (46%) of respondents, as shown in Figure 2, check their SaaS security monthly or less often, and another 5% don’t check at all. It seems that security teams are overwhelmed with the workload and struggle to stay on top of all settings and permissions. As organizations use more and more apps, their visibility into all configurations grows.
Figure 2. Frequency of SaaS Security Configuration Checks
When a security check fails, security teams need to go in and understand exactly why the check failed and the best way to resolve the issue. About 1 in 4 organizations, as shown in Figure 3, takes a week or more to resolve a misconfiguration with manual restore. In general, security teams trying to manage their SaaS security are not only overwhelmed, but in turn leave the organization exposed for a longer period of time.
Figure 3. Time to Resolve Saas Misconfigurations
How SSPM fast track recovery and discovery
Organizations using SSPM, such as Adaptive Shield, can perform more frequent security checks and fix misconfigurations in a shorter amount of time. An SSPM enables security teams to conduct frequent audits in accordance with both industry standards and company policies. The SaaS Security Survey Report 2022 found that the majority of these organizations (78%) perform security audits once a week or more, as shown in Figure 4.
Figure 4. Comparison of SaaS Security Configuration Check Frequency
When a misconfiguration is detected, 73% of organizations using an SSPM have resolved it within a day and 81% within a week, as shown in Figure 5. However, a good SSPM solution does not only evaluate failed security checks caused by misconfigurations, but will also assess risk and configuration weakness – and provide exact instructions on how to fix the problem.
Figure 5. Comparison of Time to Resolve Misconfigurations
SSPM not only reduces the workload for security teams, but also eliminates the need for them to be experts in every SaaS app and its settings. The data presented in the 2022 SaaS Security Survey Report shows the drastic differences between companies that do and don’t use SSPM, and show how valuable an SSPM, such as Adaptive shieldis for SaaS security discovery and remediation.