Increased exposure of SaaS assets significantly increases the risk of potential breaches
“In today's digital world, we all rely on SaaS applications to improve productivity and collaboration.”
The 2024 State of SaaS Data Security report quantifies the amount, type, and risk of exposure of business assets stored within SaaS assets for public and private companies across multiple industries with 1,000 or more employees. I am.
insider threat
Whether by accident or design, insiders can exfiltrate sensitive intellectual property or customer information, exposing companies to financial extortion and potentially devastating brand damage. DoControl found a 182% increase in employees sharing company-owned assets via personal email. According to the 2023 survey results, in the average company, 1 in 6 employees shared data with their personal email accounts (1.3 million in assets). The report also found that her 5,860 encryption keys were stored in a SaaS app. While businesses may feel securely storing their assets in various apps, it's important to be aware that assets can leave those domains.
Such a significant increase will only make it more difficult to manually track sensitive assets, exposing businesses to further risks and putting data in the wrong hands.
data leak
Sharing files with external parties through SaaS applications through collaboration across corporate security boundaries can make managing a company's intellectual property and data extremely difficult. DoControl found that the public release of 35,000 sensitive assets reflected serious deficiencies in data management and access controls. The report also found a 49% increase in sensitive assets exposed across the company. Additionally, throughout 2023, the average company exposed 21,000 new assets each week, and the Slack platform alone saw a 107% increase in exposed assets. To reduce exposure to potential risks, enterprises should implement least privilege permissions and remove access when parties with whom assets were shared no longer need them. should limit external sharing.
old permissions
It's no surprise that outdated permissions continue to pose significant risks to businesses around the world. According to the findings of this year's report, 90% of companies report that former employees continue to access their SaaS applications even after leaving the company. It is important to consider that even if she is just one former employee, a particularly disgruntled former employee may pose an unacceptable risk.
Another form of obsolete permission is continued access to SaaS assets that are no longer needed or do not support business objectives. DoControl found that 100% of companies surveyed still store externally shared assets (older than 5 years) in Google Workspace. Furthermore, on average 5%
Over-permitted third-party OAuth apps
Applications often allow third-party integrations to make your workflow more efficient, convenient, or productive. However, third-party applications can pose a threat to businesses, especially if they are granted unnecessary read/write permissions. Allowing unnecessary access to applications that may not have proper security controls opens the door to risks that could have been avoided. In fact, DoControl found that 65.5% of these third-party apps do not require the level of access granted. Of the 29,000 third-party apps installed and investigated by organizations in 2023, 90% of all installed apps have not been used in the past 30 days, a widespread finding that applications pose significant security risks. further illustrates the problem.
DoControl helps you avoid catastrophic consequences of data exfiltration and data leakage. A unique approach to managing SaaS data access highlights the 2024 data security landscape by providing centralized, automated, and fine-grained data access controls for SaaS applications within an enterprise's technology stack. Repair any situation. DoControl's code-free, automated workflows help IT and security teams manage their SaaS data access, allowing businesses to confidently and securely move forward with their SaaS deployments.
Additional resources:
For more information about DoControl, please visit: Website or Request a demo.
methodology
This report aggregates findings across a subset of companies for which DoControl has conducted SaaS data access control and breach audits. We compiled the results of a cross-sectional audit of companies ranging in size from 1,000 to 10,000 employees.
About DoControl
DoControl is a SaaS security solution that provides complete visibility, threat detection, and remediation for SaaS data breaches and insider threats. Tailored for the scale and velocity of SaaS data, this solution combines CASB and DLP capabilities to ensure protection across key SaaS ecosystems, including:
media contact
[email protected]
View original content to download multimedia: https://www.prnewswire.com/news-releases/docontrols-2024-state-of-saas-data-security-report-found-companies- create-286k-new-saas-assets -Every week, 1 in 6 employees share company data via personal email-302088659.html
Source DoControl