Get in Touch

96% of Security Executives Indicate SaaS Security is a High Priority in Valence Security’s 2024 State of SaaS Security Report

Valence Security and EMA data confirms more than half of security executives acknowledge being impacted by a SaaS breach over the past 18 months
Key Takeaways
  • Key challenges in SaaS security include distributed management of applications outside IT/security teams, governing Generative AI adoption, and the complexity of SaaS configurations.
  • The report highlights data share risks and over privileged third-party integrations as potential threats, with 22% of external data shares using open links and all organizations providing full access to sensitive data to at least one third-party integration.
  • The report reveals that while organizations have been using CASB solutions for a decade, there is a notable shift to SSPM solutions to address modern SaaS security risks like misconfiguration blindspots and SaaS-to-SaaS visibility.

NEW YORK, May 2, 2024 – Valence Security, the only SaaS security company that provides advanced visibility and remediation capabilities to find and fix SaaS security risks, today released its 2024 State of SaaS Security Report which found that more than half, 58%, of the organizations were affected by a SaaS security incident in the last 18 months. Likely, as a result, 96% of security leaders have made SaaS security a top priority and 93% have increased SaaS security budgets in 2024. In addition, confidence in current SaaS security programs or processes is high, with 84% saying they are very or extremely confident. 

“There’s no denying that the ease of SaaS subscriptions and SaaS integrations have helped organizations scale their businesses quickly and increase employee productivity,” says Yoni Shohet, co-founder and CEO at Valence Security. “The goal of this report is to provide a unique and more comprehensive examination of SaaS security by combining survey findings from security leaders with analysis from our own tenants to expose the gaps between security investment and effectively addressing the complexities of SaaS environments.”

Top SaaS Security Challenges

The survey revealed the top security challenges the recipients are experiencing in securing their SaaS applications. Half (50%) identified distributed management of SaaS applications outside of IT/security teams as one of their top 3 challenges. Half (50%) indicated that governing Generative AI adoption is a top challenge. Nearly half (43%) indicated the complexity of SaaS configurations as one of their top challenges.

Shift in Tools to Secure SaaS

Interestingly, when asked which tools their organizations are currently using to protect their SaaS applications, 52% of respondents said they are using a Cloud Access Security Broker (CASB) while 48% said SSPM solutions. While CASBs have been around for over a decade, the fact that SSPMs have a similar adoption rate highlights a significant shift in how organizations address SaaS Security. This is likely due to the realization of CASB limitations to address modern SaaS security risks.

Data Share Risks

The tenant research revealed that 22% of external data shares utilize open links, so “anyone with the link” can access the data. The majority of these open link shares (94%) are inactive, meaning that people have access to these files, folders, recordings, records, etc. when they don’t need access anymore. 

Overprivileged Third-Party Integrations

The tenant analysis revealed that 100% of organizations grant full access to sensitive data (emails, files, calendars, source code) to at least one (1) third-party integration and one third (33%) of integrations are granted access to sensitive permissions and data. SaaS-to-SaaS integrations are increasingly targeted by attackers since traditional access controls are less effective when it comes to these non-human identities and organizations typically don’t have the same monitoring capabilities as they have for human identities.

"While a staggering 96% of security leaders prioritize SaaS security, Valence's report shows the complexity of SaaS security," says Chris Steffen, Vice President of Research - Information Security at EMA. "Security executives responded that their SaaS security challenges are hindering effective security and they’re looking for innovative solutions that address these complexities and empower organizations to navigate an evolving SaaS security threat landscape."

Resources

To access the full analysis, download the 2024 State of SaaS Security Report

To learn more about Valence Security, visit the website or request a demo 

Follow us on LinkedIn.

Methodology

EMA surveyed 125 senior cybersecurity executives including C-suite executives, vice presidents, directors, and managers from companies ranging from midsize to enterprise across a variety of industries including technology companies, financial services, and manufacturing to determine current trends in SaaS security. Additionally, anonymous data from 2024 collected from hundreds of real enterprise SaaS applications by the Valence SaaS Security Platform was used. Survey results highlighted several notable findings.


About Valence Security
Valence Security is the first SaaS security company to combine SaaS Security Posture Management (SSPM) and advanced remediation with business user collaboration to find and fix SaaS security risks. SaaS applications are becoming decentrally managed and more complex, which is introducing misconfiguration, identity, data, and SaaS-to-SaaS integration risks. The Valence SaaS Security Platform provides visibility and remediation capabilities for business-critical SaaS applications such as Microsoft 365, Google Workspace, Salesforce, GitHub, and Slack. With Valence, security teams can empower their business to securely adopt SaaS.

Valence is backed by leading cybersecurity investors including Microsoft’s M12 and YL Ventures and is trusted by leading organizations.

Key Takeaways
  • Key challenges in SaaS security include distributed management of applications outside IT/security teams, governing Generative AI adoption, and the complexity of SaaS configurations.
  • The report highlights data share risks and over privileged third-party integrations as potential threats, with 22% of external data shares using open links and all organizations providing full access to sensitive data to at least one third-party integration.
  • The report reveals that while organizations have been using CASB solutions for a decade, there is a notable shift to SSPM solutions to address modern SaaS security risks like misconfiguration blindspots and SaaS-to-SaaS visibility.
Media Gallery
Quotes
The goal of this report is to provide a unique and more comprehensive examination of SaaS security by combining survey findings from security leade...
Yoni ShohetCo-Founder and CEO of Valence Security
Related Bios
Yoni Shohet
Co-Founder and CEO
View Full Bio>>
Contacts
Nina Gill
Nina@gillmurph.com
781-856-3103
Media