SaaS security not a priority for UK firms, despite high infrastructure spend

Axonius research has found that sofware-as-a-service (SaaS) security is not a top three priority for UK organisations, despite 70 per cent spending more on SaaS applications today than a year ago

62 per cent of UK companies surveyed by Axonius ranked SaaS security fourth or lower on their list of current security priorities.

Meanwhile, only 32 per cent cited being worried about the costs associated with rising SaaS-based app usage.

While 79 per cent of UK respondents surveyed admitted the increase in SaaS applications results in increased complexity and security risks, when asked why security isn’t more of a concern, three main factors were identified:

  • limited time and resources (38%);
  • staffing shortages (23%);
  • pressure to focus on other issues from the C-Suite (15%).

Concerns surrounding data privacy continue to influence data protection regulations in the UK, and how businesses collect personal data, with increasing data sprawl commonly becoming a result of amount of SaaS applications outweighing visibility.

“The biggest concern with SaaS adoption right now is that most organisations are underestimating the number of SaaS applications that exist within their environment,” said Dean Sysman, CEO and co-founder of Axonius.

“SaaS offers numerous benefits, including more flexibility, accessibility, productivity gains, and more — anyone can register for a SaaS app and connect it to work data. But that also presents enormous risk.

“IT and security teams already struggle to identify the assets that exist within their organisations. SaaS apps further complicate their ability to gain visibility into data and interconnectivity, manage configurations, and close security gaps, as well as track licensing, usage, and spend.”

Jerich Beason, Commercial Bank CISO at Capital One and Axonius advisor, commented: “The appetite for SaaS will only continue to grow, further exacerbating data sprawl and security implications.

“These risks are no longer hypothetical, and without full visibility into the SaaS application landscape, organisations will continue to find themselves vulnerable to data loss from shadow SaaS, non-compliance with federal and industry regulators, and financial strain from lack of insight into organisational spend. Businesses can no longer wait to rein in SaaS complexity.”

Notable examples of SaaS data being breached include Okta announcing that its platform has been the victim of a targeted security attack back in March, and GitHub Security confirming an investigation into abused stolen OAuth user tokens in April.

Over 500 senior decision makers based across the US, the UK and mainland Europe were surveyed by cyber security and SaaS management provider Axonius, around SaaS usage and security attitudes among enterprises.

Related:

How to gain total asset visibility within your enterprise — Knowing every asset in your enterprise is vital to the growth of any business. As companies respond to modern challenges, from complex supply chains, technological advances, security concerns and more, the need to proactively plan for the future requires full visibility of a company’s assets.

How Confidential Computing is dispelling the climate of distrust around cloud security — Stefan Liesche, Distinguished Engineer at IBM, explains how Confidential Computing is dispelling distrust around cloud security.