40% of SaaS assets are unmanaged, putting companies at risk for data leaks
DoControl announced a report which provides data-driven insights into the growing number of external and insider threats due to vast amounts of unmanageable data in today’s enterprises. Based on customer data, the findings clearly illustrate there is a magnitude of SaaS data exposure, with 40% of all SaaS assets unmanaged, providing internal, external and public data access.
SaaS data exposure putting companies at risk
According to Gartner, global SaaS revenue will grow nearly 38% to more than $140 billion between 2019 and 2022. Although cloud-based applications dramatically increase the efficiency and productivity throughout an enterprise, there is a significant threat that is often underestimated by CIOs and CISOs – unchecked and unmanaged data access by the SaaS provider. And with the growing adoption of SaaS applications, this threat is growing exponentially, putting companies at greater risk for data leaks.
As a benchmark, the average 1,000 person company stores between 500K and 10M assets in SaaS applications. Companies enabling public sharing may face up to 200,000 of these assets being shared publicly.
Insider threats
- Of the companies analyzed, an average of 400 encryption keys are shared internally to anyone with a link.
- 20% of SaaS assets are shared internally with a link, exposing many employees to data points they are not authorized to consume.
- 8% of employees share assets from their corporate with their personal accounts, exposing many former employees to ongoing company data.
External threats
- Between 1,000 and 15,000 external collaborators (vendors, contractors, customers, partners, prospects, media, analysts, etc.) have access to company data.
- Between 200 and 3,000 external (specifically third-party) companies have access to company assets.
- 18% of SaaS application assets are shared externally and remain shared externally even after deleting users.
“The past year forced many organizations to collaborate with many external parties and adjust their existing workforce to support remote collaboration,” stated Adam Gavish, CEO at DoControl.
“To date, security practitioners focused on enabling SaaS access in a secure manner, now is the time for them to prioritize the relevancy of this data access internally and externally. Unmanageable data access poses a significant risk to any organization and increases the likelihood for a data breach. While SaaS apps are designed to promote collaboration, in this ever growing attack surface security teams must pay attention to ongoing data access at scale.”