Enterprise SaaS apps are still a major security risk

A computer being guarded by cybersecurity.

(Image credit: iStock)

Jump to:

Organizations are growing increasingly aware of the dangers of using insecure enterprise Software-as-a-Service (SaaS) apps, however it isn’t stopping them from still using them ad-hoc, without a proper cybersecurity and data protection strategy.

As a result, these apps still present a major security risk to all users, a new paper published by AppOmni claims.

Based on a survey of 644 security decision makers at organizations with 2,500+ employees scattered across six countries, the report argues that only a third (32%) are confident in the security of their company’s or customers’ data stored in SaaS apps, down from 42% in 2023. This decrease highlights the growing awareness of the challenges that enterprise SaaS apps present in terms of data security.

Different perspectives

Further reinforcing the same point, almost all (90%) said their organizations have policies that allow only the use of sanctioned apps. But here is where it gets troubling - a third (34%) said these policies are not enforced, up 12% compared to last year. What’s more, only 27% are confident about the security levels of their sanctioned apps.

To make matters worse, a third (34%) don’t know how many SaaS apps are deployed in their organization. Half of those using Microsoft 365 believe they have less than 10 applications connected to the platform, while AppOmni’s data shows more than 1,000 connections - more than a hundredfold increase.

Finally, there are different views of responsibilities across organizations. Half (50%) of the respondents believe the responsibility for securing SaaS apps lies with the business owner or stakeholder, while just 15% said it’s the responsibility of the cybersecurity team.

Brendan O’ Connor, Chief Executive Officer of AppOmni, says there is a “clear disconnect” between security self-assessments and actual SaaS risks. “Now, we find that despite greater awareness and effort, things are getting worse. Just as there are constant headlines about breaches, the number of SaaS exploits has reached 31%, up five percentage points from last year. The details behind those statistics are even worse—despite increased budgets and initiatives, organizations need to do a far better job of securing SaaS deployments,” he concluded.

More from TechRadar Pro

SaaS identity security strategies to prevent cyber risk in the workplace
Here's a list of the best firewall software around today
These are the best endpoint security tools right now

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.