Dismal SaaS management ups cybersecurity risk

Forty-three percent of IT and security professionals reported experiencing at least one security incident stemming from software-as-a-service misconfigurations, according to TechRepublic. A Cloud Security Alliance report revealed that SaaS app security settings access among too many departments, as well as limited visibility in SaaS security settings changes, were the primary reasons for SaaS misconfigurations. Moreover, business-critical SaaS application investments have been exceeding the growth of SaaS security tools and staff, with 81% reporting elevated SaaS use but only 73% and 55% reporting increased security tools deployment and SaaS security staffing, respectively. "SaaS is purchased but often not maintained, given due rigor in configuration, or otherwise treated like any other application due to this misperception," said Gartner Infrastructure Protection Team Senior Director Analyst Charlie Winchless. Organizations have been recommended to leverage SaaS security posture management tools and cloud access security brokers to address SaaS security gaps. "One other key control is ensuring all SaaS is at least federated with enterprise identity and that access is protected by strong authentication such as MFA–a recommendation that goes at least double for administrative accounts," Winchless said.