The shift to remote working caused an explosion in the use of SaaS apps for virtual collaboration and document sharing. But this has not been without risk, especially when the data within is unstructured. Maximizing visibility and keeping tabs on access rights is key to protecting this new perimeter for security said Grady Summers, Executive Vice President of Product at SailPoint.
We have seen the business world’s resilience and ability to adapt to the ‘new normal’ tested during the pandemic like never before. SaaS adoption has enabled the ease and convenience of access to important work files and documents anywhere and anytime. Apps like Zoom and Dropbox meant ‘business as usual, enabling an almost seamless operation throughout an unprecedented crisis that could have easily brought the world to a halt.
While encouraging to see business productivity and continuity go unpaired, these systems are complex. Visibility can be difficult to obtain – and there is an increasing level of concern as to whether these applications have been downloaded and configured appropriately. This eruption of SaaS adoption and document sharing brings its own risk if it’s not properly secured.
The proliferation of data
Whilst remote working fuelled the use of SaaS apps that could allow us to share documents easily, this is often outside the purview of IT. Easy to download and convenient to keep using, on average, there are 3 to 4 times more SaaS apps in use at a company than the IT department is aware of. But this reduced visibility means the data within those documents lacks proper protection.
This has the potential to open the security risk floodgates for cybercriminals to take advantage of – not just of the sensitive information within these apps – but who has access to them. As a result, organizations are unknowingly expanding their threat surface.
What’s all the fuss with unstructured data?
In 2020 the amount of data created grew to 59ZB – valuable to organizations of all types and sizes – but this proliferation of data brings its own set of challenges. That’s because most of this is unstructured – making up over 80% of data in existence, in fact. It creates big problems, since this is where organizations lack real visibility into where data resides, and who owns it. Official records are often in the form of unstructured data – whether emails, business plans or customer data – stored in data repositories such as SharePoint and OneDrive.
Whilst SaaS applications house large volumes of structured and unstructured data, it is the unstructured data that causes companies the biggest problems. Where are they stored? Have they been shared? Who has access to them? Lacking proper identity security policies which can govern employee access to these SaaS apps and the data stored in them is a major cyber security risk for organizations, with unstructured data the leading contributor to the rise in security compromise.
To gain a better understanding of the risk companies face with regards to SaaS applications and the data they store, we recently conducted a survey with Dimensional Research.
The research highlights the promising future for SaaS, with 92% of companies moving their unstructured data to the cloud. However, 76% of companies have encountered challenges with protecting their unstructured data – including unauthorized access, data loss, compliance fines and more.
Why is managing access so difficult?
More than 4 out of 10 companies admitted they don’t know where all of their unstructured data is located. In addition, nearly every company surveyed reported managing access to unstructured data as difficult, specifying numerous challenges such as too much data, a lack of single access solution for multiple repositories and lack of visibility into access.
It is unsurprising, given this data, that a Canalys report found companies spending record sums on cybersecurity in order to protect the rapid digital transformation we have experienced over the last year. 50% of European businesses stated that investing in new security technology was their highest prevention spending priority. Yet, despite these efforts and intentions, the number of successful attacks continues to be higher than ever, with Canalys reporting that “more records were compromised in just 12 months than in the previous 15 years combined.”
Why is it important to regularly review user access privilege?
Our survey found that more than a quarter of companies fail to perform regular reviews of user access privileges. One-third of companies lack real-time alerting when unauthorized access occurs with unstructured data.
By extending identity security at the implementation stage to manage data access there is hope, ensuring the right people have the right access, no more no less. This solution provides an automated approach for updating user access levels, logging where data is, clarifying the type of data stored, and alerting companies to unauthorized access. When IT has all the information and visibility on an organization’s users and their access – both data and applications – they have the power to quickly make the right decisions, reducing the risk of a potential breach from occurring.
The future of SaaS is now
SaaS is the future, but companies and IT leaders must align their security practices accordingly as we shift towards a more hybrid working model. At present only three out of 10 feel confident that their companies’ data access privileges are correct – this needs to change. One of the most valuable assets to an organization is data, and we must smartly align our security practices alongside the systems protecting this data to minimize our threat surface.
- The top 10 largest B2B SaaS companies in the US
- Which players continue to lead the SaaS market?
- Overcoming SaaS chaos: how to pave the way for the future of work
- How can SaaS benefit businesses?
The situation is not going to get better as we grow more reliant on data repositories that aid the growing shift to the cloud. Now is the time for companies to implement comprehensive solutions that manage access. This will provide an automated approach for updating user access levels – giving access to only those that need it, logging where data is stored and alerting companies to unauthorized access. All of which ensures a cyber-resilient and secure SaaS future.