New Data-Driven Study Reveals 40% of SaaS Data Access Is Unmanaged, Creating Significant Insider and External Threats to Global OrganizationsNew Data-Driven Study Reveals 40% of SaaS Data Access Is Unmanaged, Creating Significant Insider and External Threats to Global Organizations
With millions of assets in SaaS applications, latest research from DoControl serves as a wake up call to CIOs and CISOs and the enterprises they protect.
August 24, 2021
New York, NY – August 24, 2021 – DoControl today announced a new report, Quantifying the Immense Risk of Unmanaged SaaS Data Access, which highlights how the vast amounts of unmanaged data in today’s enterprises has led to a growing number of insider and external threats to global organizations. With 40% of all SaaS assets unmanaged, there is a greater degree of internal, external, and public access to sensitive data.
According to Gartner, global SaaS revenue will grow by nearly 38% to more than $140 billion between 2019 and 2022. Although cloud-based applications dramatically increase the efficiency and productivity throughout an enterprise, there is a significant threat that is often underestimated by CIOs and CISOs: the unchecked and unmanaged data access by the SaaS provider. And with the growing adoption of SaaS applications, this threat is growing exponentially, putting companies at greater risk for data leaks.
As a benchmark, the average 1,000-person company stores between 500K to 10M assets in SaaS applications. Companies enabling public sharing may unwittingly allow up to 200,000 of these assets to be shared publicly. DoControl aggregated and analyzed data from its customer base, and categorized its key findings by external and insider threat:
Of the companies analyzed, an average of 400 encryption keys are shared internally to anyone with a link.
20% of SaaS assets are shared internally with a link, exposing many employees to data points they are not authorized to view.
8% of employees share their corporate account assets with their personal account, exposing company data to employees on an ongoing basis.
Between 1,000 and 15,000 external collaborators (vendors, contractors, customers, partners, prospects, media, analysts, etc.) have access to company data.
Between 200 and 3,000 external (specifically third-party) companies have access to company assets.
18% of SaaS application assets are shared externally and remain shared externally even after deleting users.
“The past year forced many organizations to collaborate with many external parties and adjust their existing workforce to support remote collaboration,” said Adam Gavish, CEO and Co-Founder of DoControl. “To date, security practitioners have focused on enabling SaaS access in a secure manner, but now is the time to prioritize the relevancy of this data access internally and externally. Unmanageable data access poses a significant risk to any organization and increases the likelihood of a data breach. While SaaS apps are designed to promote collaboration, this also creates an ever-growing attack surface that requires attention to ongoing data access at scale. DoControl is committed to helping organizations ensure that no unauthorized person has access to company data, all without slowing down business enablement or changing the end-user’s day-to-day work.”
Founded in 2020 and headquartered in New York, DoControl is an automated data access controls platform for SaaS applications, improving security and operational efficiency with ease for enterprises. DoControl is backed by investors RTP Global, StageOne Ventures, Cardumen Capital and global cybersecurity leader CrowdStrike’s early stage investment fund, the CrowdStrike Falcon Fund. The company’s leadership team combines product, engineering and sales experience across cybersecurity, enterprise and SaaS innovators. For more information, please visit https://www.docontrol.io. Follow us on Twitter and LinkedIn.
Silver Jacket Communications
Camille van der Sloot
Silver Jacket Communications
You May Also Like
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
What's In Your Cloud?Nov 30, 2023
Everything You Need to Know About DNS AttacksNov 30, 2023