In the second annual report from AppOmni, researchers have examined the current knowledge and mindset around SaaS security, and taken stock of the maturity and goals of SaaS security programs in 2024 and beyond.
We’ve pulled key challenges identified in that report to give you a quick overview of the state of software-as-a-service (SaaS) security right now.
1. SaaS security duties are dispersed
Many organisations lack a clear picture of who is responsible for SaaS security. The decentralisation of SaaS deployment and security means that the CISO, the owner of the SaaS application, and the cybersecurity team are all involved in security in some manner – but there’s often no clear line of responsibility. This creates both tension within the organisation, and potential vulnerabilities.
Only 15% of organisations said that SaaS security is centralised within their cybersecurity team. So decision-making and SaaS operations are unclear; with SaaS security applications dispersed across the cloud, different devices, and a disparate group of workers.
Part of this is due to the ease of adoption of SaaS software. Departments are able to implement SaaS solutions without conventional IT or security workers to oversee them. This is one of the strengths of SaaS in general (it’s accessible), but within an organisation, it creates organisational vagueness.
This ambiguity must be addressed in the adoption, deployment and monitoring of SaaS solutions, to avoid unnecessary vulnerabilities and subsequent breaches.
2. ROI on cybersecurity investments is a growing topic of strategic conversation
Competing priorities for SaaS security investments are a growing challenge within organisations and cybersecurity teams. Crucially, cybersecurity teams must put strategy behind their investments and demonstrate ROI through the measurable reduction of risk.
AppOmni’s survey found that 69% of respondents expect to increase security spending over the coming year, but 19% cite budget pressures as a primary challenge in implementing SaaS solutions. Competing priorities are a major barrier to SaaS adoption (according to 49% of respondents), and 29% expected ROI to become a key point of discussion over the next 12 months.
3. GenAI is a key area of discussion
Generative AI (GenAI) is a growing concern around SaaS applications, with 38% of respondents noting that the data risks and IP protection issues linked to GenAI are significant.
At the same time, 40% reported that leveraging AI to enhance cybersecurity will be a major topic of discussion in the months to come.
This dual challenge and opportunity that GenAI presents is reflected across the wider cybersecurity landscape.
Already, more than 270 SaaS companies launched GenAI products in the first half of 2023 alone, and many other vendors are adding GenAI features to enhance existing products. We’ll see an increased focus on the interoperability of connected AI systems, and on the importance of robust data sets in order to train AI models effectively for SaaS.
Dig deeper into the future of SaaS security at Black Hat MEA
Join us in Riyadh to learn directly from SaaS application developers and leading CISOs. Learn how they’ve solved the problems you’re facing in your own organisation – and connect with SaaS partners to strengthen your security posture.
Join us at Black Hat MEA 2024 and discover how to improve your organisation’s cyber resilience.