SaaS security remains an underserved function, despite the prevalence of SaaS applications and the integral part they play in the daily operations of countless organizations: the average mid-sized company uses over 200 SaaS applications. One of the companies addressing this gap by providing comprehensive data protection services for SaaS, on-prem, and cloud services is HYCU.
The company has released findings from its first worldwide survey on SaaS use and resilience in global companies in collaboration with UK-based Sapio Research. The data is based on responses from over 400 IT decision-makers across the US, EMEA, and Asia.
Gaps in Protection, Gaps in Knowledge
The State of SaaS Resilience in 2024 report found that globally, critical data protection vulnerabilities remain in SaaS. While the rise of ransomware attacks posed a significant threat with 36% of all businesses reporting attacks — and 61% reporting SaaS applications as the source — this wasn’t the only threat.
Another issue is the lack of knowledge IT teams have about the scope of SaaS applications in use in their companies. Most users surveyed stated close to 20 as the number of SaaS apps they believed they had in operation, while as noted above, the average number is over 200.
Beyond this, 41% of those surveyed expect the SaaS vendor to ensure data protection and recovery, even though most cloud providers, SaaS vendors, and ISVs place responsibility on the customer through a shared responsibility model.
For example, Microsft describes this model by stating “For all cloud deployment types, you own your data and identities. You’re responsible for protecting the security of your data and identities, on-premises resources, and the cloud components you control.”
Plus, even though SaaS apps are usually procured by business teams, 71% of respondents believe that IT is responsible for the majority of SaaS usage.
We spoke with HYCU CEO Simon Taylor about the findings from the report. “There was a lot of validation in this report,” says Taylor. “If you think about the book Averting the SaaS Data Apocalypse that we published last year, we talked about things that we were seeing in the market.
“We talked about how the shared responsibility model was going to be really damaging for SaaS in particular because it was going to be on [customers] to protect and recover their own data and they often didn’t have access or the ability to back up these SaaS services.”
For Taylor, the most significant findings concerned the disconnect between IT and end users of SaaS and the incredibly high percentage of ransomware attacks that are occurring through SaaS gateways.
Measuring the Fallout
Of those surveyed, 90% said they failed to recover encrypted SaaS data within an hour of a breach. This aligns with another finding in the report: 58% of businesses see the primary challenge with protecting SaaS application data as introducing additional security measures.
This downtime has a major effect on the continuity of business processes, leads to financial losses, and impacts customer trust, causing reputational damage. And then there’s the issue of non-compliance.
“Its important for every sector,” says Taylor. “But, certainly regulated industries are going to be massively affected by this.”
“There’s such a wide gap between what the SaaS service is offering and what the regulators are requiring, and it’s on the IT departments to actually find a way to comply.
“Our view is that the ability to manage, protect, recover, and log all of your SaaS data and have a local copy is now moving from the world of a nice-to-have to a regulated, legal, and potentially criminally liable situation.”
Taylor explains the first steps companies should take to address SaaS data protection, “We did two things that were the right thing to do for the marketplace,” he says. “We have the backup and recovery, the complete R-Cloud platform.
“In terms of getting started, we also invented R-Graph, the world’s first visualization tool that is specifically designed to help any IT department to identify, discover, and visualize where all of their workloads actually are.” Customers can access R-Graph for free to visualize the problem.
The AI Ecosystem Q2 2024 Report compiles the innovations, funding, and products highlighted in AI Ecosystem Reports from the second quarter of 2024. Download now for perspectives on the companies, innovations, and solutions shaping the future of AI.
