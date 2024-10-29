SaaS security has become a clear priority for a majority of organizations, according to recent research from TechTarget's Enterprise Strategy Group. In the study, "Securing SaaS Ecosystems" 41% of respondents said enabling the safe use of SaaS applications is their organization's top cybersecurity priority, with another 32% indicating it's in the top three.

With so many important yet competing priorities to balance, this emphasis on SaaS security speaks volumes. Yet SaaS security can mean a variety of different things, ranging from identifying misconfigurations in sanctioned applications, to protecting data shared with unsanctioned applications, to controlling or preventing the use of specific applications.

An important area where there seems to be a disconnect is with regard to third-party connected SaaS applications and plugins -- applications that connect to another SaaS application to provide additional capabilities. These could be for large applications -- for example, a Zoom plugin for Google Workplace -- or smaller, standalone applications such as Grammarly or Mail Merge. Such apps might also be available in the marketplace of a core SaaS application -- i.e., Salesforce or Microsoft 365.

While these plugins and connected apps provide users additional functionality and a better experience as they go about their day-to-day routine, they also introduce security risks.

Securing third-party applications and data Just as with unsanctioned SaaS applications historically, it can be difficult for security teams to manage the breadth of this usage, protect the data potentially exposed by these connections and ensure enforcement of corporate policies. But while many organizations appear to believe they understand the scope of usage of these types of applications, their ability to secure them remains in question. Overall, 57% of organizations in the survey said they are very confident in their understanding of the number of third-party connected apps and plugins used by employees, and an additional 42% said they are somewhat confident. Yet, when it comes to securing these third-party connected applications, respondents said the following: Blocking access to unsanctioned and third-party connected apps and plugins was a significant SaaS security challenge for 38% of respondents.

Maintaining visibility across unsanctioned and third-party connected applications and plugins was a significant SaaS security challenge for 38% of respondents.

Excessive access granted to third-party applications as one of the SaaS misconfigurations the organization is most worried about was cited by 43% of respondents. Unfortunately, these concerns appear to be well founded rather than hypothetical. According to the study, among organizations that had suffered an attack on a SaaS application in the last 12 months, 42% reported data leakage from third-party connected apps or plugins.