Photo credit: www.darkreading.com

Grip Security Unveils New Research on SaaS Security Risks

BOSTON, Oct. 23, 2024 (GLOBE NEWSWIRE) — Grip Security, a leading player in SaaS identity risk management, has released its latest research report titled “2025 SaaS Security Risks.” The findings illustrate the inadequacies of conventional security methods in managing the escalating threats linked to unmanaged SaaS applications and user accounts. Disturbingly, the report indicates that a staggering 90% of SaaS applications and 91% of AI tools within organizations remain unmonitored, signaling a significant and growing vulnerability.

With organizations increasingly relying on SaaS solutions, Grip’s analysis sheds light on the shortcomings of traditional security frameworks in countering the phenomenon dubbed “SaaS risk creep,” which refers to the slow but steady rise in vulnerabilities stemming from unmanaged applications and their user accounts. Significant insights from the report reveal:

• The number of SaaS applications used within enterprises surged by 40% over the last two years.
• There has been an 85% increase in the number of accounts per employee using SaaS applications.
• 73% of allocated users never utilize their SaaS application licenses.
• ChatGPT was detected in 96% of organizations reviewed, with its usage skyrocketing by 24 times since its introduction.
• 42% of popular AI applications possess SAML (Security Assertion Markup Language) capabilities, yet 80% of these applications are not being managed or federated with SAML.

“The vast number of unmanaged SaaS applications and AI tools present in organizations highlights a serious disconnect between perceived and actual security risks,” stated Lior Yaari, co-founder and CEO of Grip Security. “Companies require immediate visibility into these applications and a comprehensive risk governance program to manage their vulnerabilities effectively,” he added.

The Shadow SaaS Phenomenon

A pressing concern identified in the report is the rise of Shadow SaaS and Shadow AI—applications that operate without the knowledge or control of IT departments. This scenario significantly increases the threat of data breaches, regulatory compliance issues, operational inefficiencies, and the exposure of sensitive information. As Gartner’s projections suggest by 2027, around 75% of employees will utilize technologies beyond IT oversight, organizations must revamp their SaaS security strategies to mitigate the risks associated with unmanaged applications.

Despite considerable financial investments in combating SaaS-related threats, current security solutions, such as Cloud Access Security Brokers (CASBs), are struggling to keep pace with the complexities presented by contemporary SaaS environments. These tools often produce excessive data noise and false alarms, diverting security teams from addressing real threats.

“As SaaS adoption continues to rise, relying on outdated security tools is no longer viable. A comprehensive, identity-driven strategy is essential for effective SaaS security and risk management,” emphasized Yaari. “The repercussions of inaction can be severe—enterprises must act quickly to tackle these risks and update their security frameworks to align with the rapid pace of SaaS integration.”

Reassessing Security Strategies

Organizations heavily reliant on SaaS must swiftly transition away from conventional security tools. Industry experts highlight that the growth is largely driven by business-led IT initiatives. Consequently, managing SaaS risks cannot rest solely on IT and security teams; it necessitates collaborative efforts across various departments, including business application owners and end users, to efficiently manage risks associated with SaaS at scale. An adaptative, identity-focused strategy that enables employee empowerment while mitigating risks is crucial in this rapidly evolving landscape.

Failure to implement this necessary shift leaves organizations exposed to potential security breaches. The recent high-profile incidents experienced by firms like Snowflake and Microsoft underline the perils posed by unmanaged SaaS environments, Shadow SaaS, and lingering access controls. Companies that proactively respond to emerging SaaS trends will be better positioned to safeguard sensitive information, maintain compliance, optimize financial resources, and bolster innovation while mitigating related risks.

Research Methodology

The results detailed in Grip’s report on SaaS Security Risks are derived from anonymized data collected through the Grip SaaS Security Control Plane (SSCP) solution. This encompasses insights gleaned from over 29 million SaaS user accounts, 1.7 million identities, and 23,987 potentially risky SaaS applications.

For further insights into the 2025 SaaS and AI tool security risks, readers are encouraged to download the complete report from Grip Security.

For more information regarding the Grip SaaS Security Control Plane Platform, additional resources are available online.

About Grip Security

Grip Security stands at the forefront of SaaS identity risk management, offering innovative solutions designed to aid enterprises in navigating the security challenges posed by extensive SaaS adoption. The company’s SaaS Security Control Plane platform allows organizations to identify, prioritize, secure, and orchestrate the remediation of risks, ensuring that identity remains the cornerstone for protecting all SaaS applications while supporting secure SaaS adoption.

Source
www.darkreading.com