AT YOUR SERVICE: XaaS 48 CHANNELVISION | MARCH - APRIL 2024

In light of this, SaaS deployments open the door to valuable cybersecurity conversations with customers. In a recent Sage poll, resellers cited SaaS applications (30 percent) and cybersecurity solutions (33 percent) as being vital for their organization’s growth and customer pipeline. Resellers consider both to be priority areas of interest over the next several months.

Shadow IT: A Growing Threat

Cloud transformation projects, for their part, are known for being complex and time consuming, taking months or years to complete. But SaaS adoption tends to move at a much faster pace — often out of sight from security or IT administrators, and with push-button ease. This trend is known as shadow IT.

While shadow IT decreased in 2023, it still accounts for more than half of the applications in the average SaaS portfolio (51 percent). SaaS sprawl is also on the rise as employees and companies continue to purchase applications, with most of the growth taking place at the mid-market and enterprise levels. According to Productiv, the most common shadow SaaS products on the market right now include Evernote, Coursera and Canva.

As CyberRisk Alliance executive vice president of CISO communities Parham Eftekhari explained in a recent webcast, the evolution from on-premises environments to SaaS and cloud-based services has changed the way businesses deploy solutions. According to Eftekhari, many of the inherent safeguards that were built into this risk vector from legacy deployment processes no longer apply because of SaaS.

“Not that long ago, you had to go to the technology department to deliver and create solutions,” Eftekhari said.
“Now, any business leader with a budget can go in and start to unlock services and solutions with limited and sometimes no engagement with IT and security teams.”

Shadow Apps Impact

Most SaaS and cloud offerings now come with vendor-managed security components such as advanced encryption, multi-factor authentication and continuous monitoring. But while SaaS applications may be secure, they are often set up and managed by individuals and teams that lack advanced security knowledge or awareness.

“With shadow IT, you’re relying on others to implement controls — from a security and privacy standpoint, something as simple as a password policy — on these systems that are not connected to your central repositories,” stated SHL CISO and senior vice president of IT Nickolas Bruno, in the CyberRisk Alliance webcast. “And by default, it’s going to be whatever the SaaS provider selected.”

This sidelines security teams and makes it impossible to enforce critical authentication and identity management policies. Without proper security oversight, even the most secure SaaS applications can become vulnerable targets for sophisticated attacks.

Fico CISO Ben Nelson pointed out how shadow IT also puts companies at risk from insider threats including rogue employees.

“Assume we have a disgruntled employee that we’ve let go,” Nelson said. “Because they were implemented in a system that we didn’t know about or didn’t have control over, they could still have access to that system post departure.”

Furthermore, without visibility, security teams may struggle to quickly identify and access logs during cybersecurity investigations, when time is of the essence.

“Many SaaS providers, or any cloud provider for that matter, don’t have the same level of logging standards that we do,” Nelson added. “So if you’re in an incident response scenario and the incident happens to involve one of your cloud providers, your ability to get quick access to thorough logs may be impaired.
That may hinder your investigation.”

Average SaaS Spend Per Employee

Enterprise    $7,492
Mid-Market    $10,045
SMB           $11,196
Overall       $9,643

Source: Productiv

Percent of SaaS License Actively Used

              2021    2023
Enterprise    45%     47%
Mid-market    43%     49%
SMBs          49%     50%
Overall       45%     47%

Source: Productiv