Intermediate organizations are today engaged in a single balancing act, where they are required to manage and defend an increasing digital imprint but do not have the deep pockets and the vast resources of their larger counterparts. To better help security teams in medium -sized companies remain resistant in an increasingly complex threat landscape, the Cloud Security Alliance (CSA) today has released her SaaS and postponement of the SAASS assembly and risks organist miners. The survey, commanded by Wing safetyA SaaS security leader takes a deep dive into the strategies that medium -sized companies use to protect their high -value assets – from SaaS safety gaps to combat artificial intelligence risks ( Ia) – and highlights the real world challenges and priorities that these companies face when managing their risk.
“Intermediate organizations are growing in recognition and the fight against SaaS security risks, but important shortcomings remain. To create a robust security posture, it is essential to prioritize specialized technologies that improve visibility, automate processes and close key vulnerabilities. By aligning priorities through IT, security and business units, these organizations can better protect their assets and navigate with confidence in the evolving SaaS landscape, “said Hillary Baron, Director of Main Technical Research, Cloud Security Alliance.
The report explores how the intermediate market organizations address SaaS security risks, the management of configuration errors and AI threats to overcome budgetary constraints and limited tools, and highlights the gaps in their strategies current while providing usable information to improve their security posture. Among the main conclusions of the survey:
-
The security teams are struggling with an increasing attack surface and the use of follow -up applications. Intermediate organizations are struggling with the management of the large volume of SaaS applications, both sanctioned and unauthorized, real figures often exceeding expectations. Precision, less than half (44%) of organizations favor the protection of all their sanctioned applications, and only 17% include inclusive not punished in this priority. Since limited visibility in these applications leads to significant security gaps, specialized tools and automation are essential to secure this expansion digital imprint.
-
Prioritize the “jewels of the crown” while leaving the gaps. Many companies concentrate their configuration management efforts on their most critical applications (for example, Google Workspace and IDP / IAM). Although the hierarchy of these basic systems is essential, wider SaaS environments should not be overlooked – an incomparable concern 28% of organizations plan to automate configuration management in all applications. To fully mitigate the risks, organizations must extend automation and guarantee complete coverage in all applications, including those perceived as priority and lower application connections.
-
IA Risks without formal plan. The risks linked to AI, in particular data and intellectual property, are an increasing concern. While 55% of organizations said they were moderately concerned and an additional 20% said they were very concerned, only 51% of organizations dedicated security teams to combat specific AI risks. The absence of a unified strategy and a clear responsibility makes organizations vulnerable to the evolution of threats and challenges of conformity.
-
Dependence on manual processes and insufficient tools. Smaller security teams often rely on manual processes (48%) and tools for general use such as safety brokers in Cloud (CASB) (48%) – none of which are enough for SaaS security needs. The good news is that many organizations plan to adopt specialized solutions such as the management of the SaaS security posture (SSPM) and the management of the data security posture (DSPM) —52% and 56%, respectively – To improve visibility and treat critical risks.
-
Increase in SaaS security through current initiatives. Almost 90% of organizations plan to extend IT budgets or improve existing security initiatives – such as risk management, configuration management and risk detection and response – to approach Saas security. Although relying on IT Budgets / General Security or Reallow of Funds from other projects can lead to reactive and patchwork investments that do not fully reach the unique risks that SaaS applications pose, only 3% have a budget dedicated line line specifically for SaaS security. Dedicated funding and priorities aligned between teams are essential to build an efficient SaaS security strategy.
“Securing SaaS applications is an important challenge for medium -sized companies, where limited resources meet an expanding attack area. However, the importance of safeguarding these critical tools cannot be overestimated. With the right strategies and technologies, medium -sized organizations can overcome these difficulties, ensuring the protection of sensitive data and maintaining the continuity of activities in a world increasingly focused on Saas, “said Galit Lubetsky Sharon, CEO of Wing Security.
Wing Security funded the project and co-developed the questionnaire with CSA research analysts. The survey was conducted online by the CSA in October 2024 and received 406 responses from IT and security professionals from various sizes and locations. CSA research analysts have carried out the analysis and interpretation of the data for this report.
Download the complete SaaS and postponement of the SAASS assembly and risks organist miners.