Large amounts of SaaS data is lacking any sort of management

Image of padlock against circuit board/cybersecurity background
(Image credit: Future)

Ever-growing amounts of SaaS data are going completely unmanaged, increasing the risk of both internal and external threats, a new report has claimed.

The “Quantifying the immense risk of unmanaged SaaS data access” report from automated SaaS security firm, DoControl found approximately 40% of all SaaS assets are going fully unmanaged.

To put this into perspective, an average 1,000-employee company stores between 500,000 and 10 million assets in SaaS applications. By not managing these assets, they may be unwittingly allowing up to 200,000 of these assets to be shared publicly, creating huge potential for disaster.

To make matters even worse, the number of these assets is growing fast, as SaaS becomes ever more popular. Market analysts Gartner are saying global SaaS revenue will grow by almost 38%, hitting $140 billion by 2022. 

Security risk

Of all the companies analyzed, an average 400 encryption keys are shared internally to anyone with a link. A fifth (20%) of SaaS assets are shared internally with a link, giving employees access to data they weren’t supposed to access, while 8% of employees share their corporate account assets with their personal account. 

Furthermore, between 1,000 and 15,000 external collaborators and partners have access to company data. With supply chain attacks growing more popular, third parties with access to company data become a liability. 

Finally, between 200 and 3,000 external companies have access to company assets, while 18% of SaaS application assets are shared externally and remain so even after deleting users.

For Adam Gavish, DoContro’s CEO and Co-Founder, collaboration with external partners was forced upon many companies by the Covid-19 pandemic. SaaS apps were uniquely positioned to assist with collaboration in the “new normal”, but they also created an “ever-growing attack surface that requires attention to ongoing data access at scale.”

And while IT security pros were focused on enabling SaaS access in a secure manner, “now is the time to prioritize the relevancy of this data access internally and externally,” Gavish concluded.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.