NEW YORK — As the reliance on software-as-a-service (SaaS) grows, companies are exposing themselves to more internal and external threats as 40% of data in those platforms is unmanaged, according to a recent report.
The report, “Quantifying the Immense Risk of Unmanaged SaaS Data Access,” highlights how the “vast amounts” of unmanaged sensitive data in enterprises.
New York-based DoControl released the report this week. The company is the maker of a platform to automate data access controls for SaaS products.
Global SaaS revenue is expected to grow by nearly 38% to more than $140 billion between 2019 and 2022, according to Gartner.
Along with the rising adoption of SaaS applications, the threat of related data leaks is “growing exponentially,” DoControl said.
While cloud-based software can increase efficiency, collaboration and productivity throughout an enterprise, DoControl believes the growing SaaS-based attack surface is a “significant threat that is often underestimated” by IT leaders.
For instance, the average 1,000-person company stores between 500,000 to 10 million assets in SaaS applications, according to DoControl. Companies enabling public sharing may then unwittingly allow up to 200,000 of those assets to be shared publicly.
- An average of 400 encryption keys are shared internally to anyone with a link
- 20% of SaaS assets are shared internally with a link, exposing many employees to data points they are not authorized to view
- 8% of employees share their corporate account assets with their personal account, exposing company data to employees on an ongoing basis
- Between 1,000 and 15,000 external collaborators (vendors, contractors, customers, partners, prospects, media, analysts, etc.) have access to company data
- Between 200 and 3,000 external (specifically third-party) companies have access to company assets
- 18% of SaaS application assets are shared externally and remain shared externally even after deleting users
“The past year forced many organizations to collaborate with many external parties and adjust their existing workforce to support remote collaboration,” said Adam Gavish, co-founder and CEO, DoControl.
“To date, security practitioners have focused on enabling SaaS access in a secure manner, but now is the time to prioritize the relevancy of this data access internally and externally.”
“Quantifying the Immense Risk of Unmanaged SaaS Data Access” is based on customer base data aggregated and analyzed by DoControl.
The key findings were then categorized as internal or external threats.