Unmanaged SaaS data access creates risk
According to a new report, 40% of all SaaS assets are unmanaged, resulting in a greater degree of internal, external and public access to sensitive data.
The data access company report DoControl categorizes data by internal and external threats. He finds that in the companies analyzed, an average of 400 encryption keys are shared internally with anyone with a link.
Additionally, 20% of SaaS assets are shared internally with a link, exposing many employees to data points they are not allowed to view. Eight percent of employees also share their corporate account assets with their personal account, exposing company data to employees on an ongoing basis.
With regard to external threats, the study finds that between 1,000 and 15,000 external collaborators (suppliers, subcontractors, customers, partners, prospects, media, analysts, etc.) have access to company data. . Between 200 and 3,000 external companies (especially third parties) also have access to company assets, and 18% of SaaS application assets are shared externally and remain shared externally even after users are removed.
“The past year has forced many organizations to collaborate with many external parties and adjust their existing workforce to support remote collaboration,” said Adam Gavish, CEO and co-founder of DoControl. “To date, security professionals have focused on enabling SaaS access in a secure manner, but now is the time to prioritize the relevance of this data access internally and externally. Access to unmanageable data poses a significant risk to any organization and increases the likelihood of a data breach. While SaaS applications are designed to promote collaboration, it also creates an ever-growing attack surface that requires special attention to continuous access to data at scale. DoControl is committed to helping organizations ensure that no unauthorized person has access to company data, all without slowing down the activation of the company or altering the day-to-day work of the end user. “
The full reportt is available on the DoControl site.