Business-critical Apps Are the No. 1 SaaS Security Challenge, Security Professionals Say

28 Jun Business-critical Apps Are the No. 1 SaaS Security Challenge, Security Professionals Say

Here’s how security teams can ensure the safe usage of GenAI.

– Hananel Livneh, Head of Product Marketing, Adaptive Shield

Tel Aviv, Israel – Jun. 28, 2024

More than 70 percent of enterprises are struggling today to monitor security risks from business-critical SaaS applications, despite growing maturity in the field of SaaS cybersecurity,  according to a new survey released this month by the Cloud Security Alliance (CSA).

The top 10 most difficult business-critical apps to secure include Microsoft 365, Salesforce,  GitHub, Jira, Microsoft Teams, and Google Workspace, the survey found.

[Figure 1: Top 10 most challenging applications to manage from a security perspective]

 The recent annual SaaS Security Survey, “2025 CISO Plans and Priorities,” was conducted by the CSA and commissioned by SaaS security leader Adaptive Shield. A total of 478 global security professionals across verticals participated in the survey. The survey shares their perspective on SaaS security successes and challenges as CISOs set priorities for 2025. 

Download the full SaaS security survey report

Here are the survey key findings:

SaaS Security is More Important Than Ever

Amid the rapid growth in the SaaS market that is driving enterprises to manage operations and store sensitive corporate data in cloud-based services, the survey points to the growing importance of SaaS security to organizations.

“In an era where SaaS platforms power a wide spectrum of industries, the threat of SaaS breaches looms larger than ever,” the CSA said in the report. “For years, SaaS security has been an afterthought. However, the landscape depicted in this year’s survey paints a dramatically different picture, one where SaaS security has surged to the forefront of corporate agendas.”

The survey found that 80 percent of organizations are now prioritizing SaaS security, with 41 percent making it a high priority and 39 percent a moderate priority.

[Figure 2: Security professionals rate the priority level of SaaS security in their organization]

Additionally, in 2023 organizations significantly increased investment in SaaS security despite economic instability and major job cuts.  In fact, the survey found, enterprises added 39 percent to SaaS security budgets and 56 percent more headcount compared with last year.

[Figure 3: How investment in SaaS security has increased from 2022 to 2023]

Emergence of SaaS Security Roles

More than 70 percent of enterprises have established dedicated teams to secure SaaS applications, a trend identified for the first time in the annual surveys.

This emergence of SaaS-centric security roles includes 57 percent with a SaaS security team of at least two full-time staffers, while another 13 percent with a dedicated person for securing SaaS applications. 

“This pivot is not merely theoretical but operational, with security teams and application owners joining forces to fortify their SaaS environments,” the CSA said in the report.

SaaS Security Capabilities Are Improving

Organizations have significantly improved key SaaS security capabilities compared to the previous year, the survey found. As a result, 62 percent of organizations now consider their SaaS security posture to be moderately to highly mature.

[Figure 4: How organizations perceive their SaaS security maturity]

In particular, visibility into the SaaS stack is increasing. Today, 70 percent of organizations have moderate (47 percent) to full visibility (23 percent) into their SaaS applications, with those achieving full visibility having more than doubled over the past year, the report said.

Detection capabilities surrounding multi-factor authentication (MFA) attacks have also improved to 62 percent from 47 percent a year ago. In threat detection, 62 percent of respondents state their ability to detect abnormal user behavior, compared with 44 percent a year ago.

 Challenges Remain in SaaS Security Efforts 

While organizations have improved SaaS security oversight, 73 percent surveyed pointed to achieving visibility into business-critical apps as their biggest challenge.

Additional challenges include tracking and monitoring security risks from third-party connected apps (65 percent); locating and fixing SaaS misconfigurations (65 percent); ensuring data governance and privacy (63 percent); and aligning SaaS application settings with compliance standards (61 percent).

[Figure 5: Security professionals rate the biggest challenges in SaaS security]

Despite the Challenges, SaaS Security Investments Are Paying Off

The stats the survey uncovered clearly demonstrate that organizations are benefiting from investments in SaaS security. In fact, the survey identified a positive trend: 25 percent of respondents experienced a SaaS security incident in the past two years, compared with 53 percent last year.

The most common security incidents reported were data breaches (52 percent) and data leakage (50 percent), followed by unauthorized access (44 percent) and malicious applications (38 percent).

[Figure 6: Thanks to investment in SaaS security, the number of breaches declined over the past year] 

SSPM Users are Able to Better Handle SaaS Security Challenges

The survey found further that companies that have adopted SaaS Security Posture Management (SSPM) are faring better than those using other tools, such as CASB and manual audits, to secure the SaaS stack.

According to comparative data, those using SSPM are more than twice as likely to have full visibility into their SaaS stack: 62 percent of these organizations are able to oversee over 75 percent of their SaaS environment compared to those who utilize other tools and manual processes in their strategy (31 percent).

SSPM users were also more likely to find key SaaS Security tasks to be easy, while non-SSPM users found them to be very hard. 

Importance of Refining SaaS Security Strategies

In conclusion, the CSA said that survey demonstrates a positive momentum in SaaS security strategy. From establishing teams to implementation of new SaaS security processes and tools, organizations across the board are prioritizing efforts in SaaS security.  ​​The integration of SSPM emerges as a factor in enhancing an organization’s SaaS security, the report said.

The survey highlights the importance of revisiting and refining SaaS security strategies within organizations to include tools that specifically address SaaS security. This can help shore up the current difficulties and address security gaps they are currently facing, thus reducing the likelihood of a SaaS security incident in the future.

Read the full SaaS security survey report now

Hananel Livneh is Head of Product Marketing at Adaptive Shield. He joined Adaptive Shield from Vdoo, an embedded cybersecurity company, where he was a Senior Product Analyst. Hananel completed an MBA with honors from the OUI, and has a BA from Hebrew University in Economics, Political Science and Philosophy (PPE). Oh, and he loves mountain climbing.

---