When Convenience Costs: CISOs Struggle With SaaS Security Oversight

August 27, 2024 at 09:30AM

SaaS deployments often lack central control and clarity, with responsibility for securing SaaS resting mostly on business owners/stakeholders rather than cybersecurity teams. Lack of visibility into SaaS platforms leads to security risks, as many organizations don’t know the full scope of their SaaS applications. AppOmni’s survey reveals a disconnect between security self-assessments and actual SaaS risks, with organizations needing to elevate the security of SaaS applications to a critical position.

The key takeaways are as follows:

1. Responsibility for securing SaaS rests primarily on the business owner or stakeholder in 50% of organizations, with relatively low involvement from the cybersecurity team. Only 15% of organizations have the cybersecurity team solely responsible for SaaS security.
2. A significant lack of clarity and visibility into SaaS platforms exists, with 34% of organizations not knowing how many SaaS applications have been deployed in their organization.
3. The attractiveness of SaaS to attackers is highlighted, with several breaches cited, emphasizing the potential risks associated with SaaS security.
4. The shared responsibility model for SaaS security is not fully understood across organizations, leading to potential confusion and a lack of engagement with the security responsibilities.
5. AppOmni’s CEO highlights the disconnect between security self-assessments and actual SaaS risks, indicating a need for organizations to do a far better job of securing SaaS deployments.
6. The report emphasizes the critical need to elevate the security of SaaS applications within companies and involve CISO and security teams in SaaS deployment and ongoing security responsibilities.

These takeaways underscore the importance of involving the cybersecurity team in SaaS deployments and ensuring a clear understanding of the shared responsibility model for SaaS security. Organizations need to address the lack of clarity and visibility into SaaS platforms and take proactive steps to enhance the security of SaaS applications.
