40% of SaaS data access unmanaged

A new report by DoControl Inc. has found that 40% of all SaaS data access is unmanaged, which can create insider and external threats.

The report comes as a wake-up call to CIOs and CISOs, highlighting the significant threat of unchecked and unmanaged data that SaaS providers can access and how it is often underestimated. Duncan Riley elaborates on the report for Siliconangle.

This is what he has written.

  • The recent study was derived from an average 1000-person company with data stores of between 500,000 and 10 million assets in SaaS applications made the following conclusion: Companies enabling public sharing may have up to 200,000 of these assets shared publicly.

  • Insider threats are a large concern, with an average of 400 encryption keys shared internally to anyone with a link. A fifth of SaaS assets was found to be shared internally with a link, exposing many employees to data points they are not authorized to consume

  • Some 8% of employees share assets from their corporation with their personal accounts, exposing many former employees to ongoing company data.

  • With external threats, between 1,000 and 15,000 external collaborators, including vendors, contractors, customers, partners, prospects, media, and analysts, were found to have access to company data.

  • Though SaaS apps have been designed to promote collaboration, it also surrounds the ever-growing potential dangers in accessing unmanageably large amounts of data; This also presents increased complexity for security teams, who must now pay attention to ongoing data access at scale.

What Zluri Thinks?

SaaS adoption mustn't stop with its implementation. No SaaS vendor will openly accept the access level they have got with your data. That's why IT leaders need to prioritize the relevancy of data access internally and externally. In addition, they need to have automated tools that give timely alerts when critical data is shared in an application, if anyone outside the organization has unauthorized access and if an application doesn’t have the relevant certifications.

You can read the full article here.