2024 State of SaaS Security Report Shows A Gap Between Security Team Confidence And Complexity of SaaS Risks

2024 State of SaaS Security Report Shows A Gap Between Security Team Confidence And Complexity of SaaS Risks

Jason Silberman
May 2, 2024
Time icon
min read
2024 State of SaaS Security Report Shows A Gap Between Security Team Confidence And Complexity of SaaS Risks
Download Report

Valence Security has released the 2024 State of SaaS Security Report. Among the primary themes we saw in the report—which combines an industry survey with data collected by Valence from hundreds of real enterprise SaaS applications—is a clear gap between security leaders’ confidence in their existing programs and processes to protect their SaaS application environment, and a contrasting reality that reflects the complexity and diversity of SaaS security risks. The report highlights concerning trends like rising SaaS breaches, misconfigured security controls, overexposed SaaS-hosted sensitive data, overprivileged third-party integrations including GenAI tools, and more.

A gap between security confidence and a rise in SaaS breaches

Security leaders are prioritizing SaaS security, with 96% identifying it as a high or top priority. Furthermore, 93% of respondents reported an increase in their organization's budget for SaaS security compared to previous years. Alongside focus and investment, confidence in current security programs remains high, with 84% expressing "extreme" or "very" high confidence.

Despite this, over half (58%) of organizations experienced a SaaS security incident within the past 18 months. Recent high-profile SaaS breaches, such as the Microsoft Midnight Blizzard attack and the Cloudflare breach, underscore the vulnerability of SaaS environments and the potential for widespread disruption. These incidents demonstrate the need for a reality check and a shift towards proactive, automated security measures to protect SaaS-hosted data, strengthen management of human and non-human identities, and reduce attack surfaces in SaaS.

The need for a dedicated SaaS security program

The report reveals a critical need for a dedicated SaaS security program. The sheer number and complexity of modern SaaS applications, combined with distributed management practices, creates a constantly evolving security landscape. Traditional security teams struggle to keep up with manual processes like security checklists or periodic audits.

Top challenges and recommendations

The report delves into the specific challenges that security leaders face when securing SaaS applications. These challenges can lead to misconfigurations, inconsistent security practices, and difficulty in maintaining control over SaaS deployments and third-party integrations. 

It also includes recommendations for reducing SaaS security risks, from maintaining an inventory of SaaS applications and performing continuous monitoring, aligning configurations with industry best practices, to adhering to PoLP and cleaning up unused accounts, third-party integrations and inactive data shares.

Download the PDF

Latest Blogs

SaaS to SaaS Supply chain security  | Valence security-Close
Free SaaS Security Risk Assessment

Our SaaS Security experts will help you identify risks and recommend actions to secure your SaaS now.

Request Assessment