2023年SaaS安全调查报告（英）

TheAnnualSaaSSecuritySurveyReport

2024PlansandPriorities

TheAnnualSaaSSecuritySurveyReport:2024Plans&Priorities1

©AllrightsreservedtoAdaptiveShield&CloudSecurityAlliance

Contents

KeyFindings3

SurveyCreationandMethodology4

Data&Discussion

SaaSSecurityIncidentsontheRise

CurrentSaaSSecurityStrategiesandMethodologiesDon’tGoFarEnough

StakeholderSpreadinSecuringSaaSApplications

HowOrganizationsArePrioritizingPolicies&ProcessesforTheirEntireSaaSInvestmentinSaaSandSaaSSecurityResourcesareDrasticallyIncreasing

Security

Ecosystem

5

5

6

8

9

12

Demographics

15

AppendixA:SurveyResults

17

Acknowledgements

26

AbouttheSponsor26

TheAnnualSaaSSecuritySurveyReport:2024Plans&Priorities2

©AllrightsreservedtoAdaptiveShield&CloudSecurityAlliance

SaaSSecurityIncidentsontheRise

55%oforganizationsreportthattheyexperiencedanincidentinthepasttwoyears,withanother12%unsure.Thesefindingsunderscorethatcompaniesarecomingtounderstandtheharshrealitythatcommonon-premtypesofattacks,suchasransomware,malware,anddatabreaches,canalsooccurintheircloudSaaSenvironments.

CurrentSaaSSecurityStrategiesandMethodologiesDon’tGoFarEnough

Thesurveyfindsthatoverhalf(58%)oforganizationsestimatetheircurrentSaaSsecuritysolutionsonlycover50%orlessoftheirSaaSapplications.It’sbecomingclearthatmanualauditsandCASBsarenotenoughtoprotectcompaniesfromSaaSsecurityincidents.

StakeholderSpreadinSecuringSaaSApps

CISOsandsecuritymanagersareshiftingfrombeingthecontrollerstogovernorsastheownershipofSaaSappsarespreadoutthroughallthedifferentdepartmentsoftheirorganization.Alignment,communicationandcollaborationarekeytobeingabletosecuretheorganization’sSaaSstack.

HowOrganizationsArePrioritizingPolicies&ProcessesforTheirEntireSaaSSecurityEcosystem

SaaSsecuritycontinuestoadapttoencompasstheexpandingbroadrangeofconcernsintheSaaSEcosystem,includingSaaSMisconfigurations,SaaS-to-SaaSAccess,Device-to-SaaSRiskManagement,IdentityandAccessGovernance,andIdentityThreatDetection&Response(ITDR).Organizationsareputtingrobustpolicies,processes,andcapabilitiesinplacethatareessentialforprotectingthesedifferentdomains.

InvestmentinSaaSandSaaSSecurityResources

AreDrasticallyIncreasing

66%oforganizationshaveincreasedtheirinvestmentinapps,with71%increasingtheirinvestmentinsecuritytoolsforSaaS.Morespecifically,thesurveyshowsthatadoptionofSaaSSecurityPostureManagement(SSPM)solutionshasgrownsignificantly,increasingfrom17%in2022to44%in2023.ThiscanbeattributedtothefactthatSSPMsprovidecoverageinareaswhereothermethodsandstrategieshavefallenshort,offeringmorecomprehensiveprotectionagainstvarioussecurityrisksthroughoutthewholeSaaSSecurityEcosystem.

KeyFindings

1

2

3

4

5

TheAnnualSaaSSecuritySurveyReport:2024Plans&Priorities3

©AllrightsreservedtoAdaptiveShield&CloudSecurityAlliance

CurrentSaaS

applicationusein

organizations

Organizations'securitypoliciesandprocessesregardingSaaSapplications

AwarenessandexperiencewithSaaSthreats

SurveyCreationandMethodology

TheCloudSecurityAlliance(CSA)isanot-for-profitorganizationwithamissiontowidelypromotebestpracticesforensuringcybersecurityincloudcomputingandITtechnologies.CSAalsoeducatesvariousstakeholderswithintheseindustriesaboutsecurityconcernsinallotherformsofcomputing.CSA’smembershipisabroadcoalitionofindustrypractitioners,corporations,andprofessionalassociations.OneofCSA’sprimarygoalsistoconductsurveysthatassessinformationsecuritytrends.Thesesurveysprovideinformationonorganizations'currentmaturity,opinions,interests,andintentionsregardinginformationsecurityandtechnology.

AdaptiveShieldcommissionedCSAtodevelopasurveyandreporttobetterunderstandtheindustry’sknowledge,attitudes,andopinionsregardingSaaSapplicationuse,SaaSsecuritypoliciesandprocesses,SaaSthreats,andSaaSsecuritystrategy/solutions.AdaptiveShieldfinancedtheprojectandco-developedthequestionnairewithCSAresearchanalysts.ThesurveywasconductedonlinebyCSAinMarchof2023andreceived1130responsesfromITandsecurityprofessionalsfromorganizationsofvarioussizesandlocations.CSA’sresearchanalystsperformedthedataanalysisandinterpretationforthisreport.

GoalsoftheStudy

TheprimaryobjectivesofthesurveyweretogainadeeperunderstandingofseveralcriticalaspectsofSaaSsecurityinorganizations.

Currentandfutureuseofsecuritysolutions

TheAnnualSaaSSecuritySurveyReport:2024Plans&Priorities4

©AllrightsreservedtoAdaptiveShield&CloudSecurityAlliance

Data&Discussion

Intoday'sdigitallandscape,SaaSsecurityisofcriticalimportancefororganizationsofallsizes.Asbusinessesincreasinglymovetheiroperationsanddatatothecloud,ormorespecifically–SaaSapplications,thesecurityoftheseappsbecomesparamount.WhileSaaSapplicationsaresecurebydesign,thewaytheyareconfiguredandgovernediswhatposesarisk.Withoutpropersecuritymeasures,organizationsareexposedtodatabreaches,cyber-attacks,andothersecurityincidentsthatcanresultinsignificantfinancialandreputationaldamage.UnderstandingSaaSsecurityisthereforeessentialfororganizationstoprotectthemselvesfromtheserisks.

It'swiththisbackdropthatthissurveyreturns,delvingintotheintricaciesofSaaSsecurityandofferingafollow-uptolastyear'sreport.Belowarethisyear’sfindingsandinsights.

KeyFinding#1

SaaSSecurityIncidentsontheRise

ThesurveyrevealsasignificantincreaseinsecurityincidentswithintheSaaSecosystem,with55%oforganizationsreportingthattheyexperiencedanincidentinthepasttwoyears,up12%fromthepreviousyear.Aboutathird(32%)ofrespondentsstatedthattheyhadn'tencounteredaSaaSsecurityincidentwithinthesameperiod,while12%wereunsure.

Thefindingsunderscorethatmanycompaniesarecomingtounderstandtheharshrealitythatcommonon-premtypesofattacks,suchasransomware,malware,anddatabreaches,canalsooccurintheirSaaSenvironments.

HasyourcompanyexperiencedaSaaSapplicationsecurityincidentwithinthepasttwoyears

55%

Yes

12%

Unsure

32%

No

TheAnnualSaaSSecuritySurveyReport:2024Plans&Priorities5

©AllrightsreservedtoAdaptiveShield&CloudSecurityAlliance

KeyFinding#1/SaaSSecurityIncidentsontheRise

AmongthemostprevalentSaaSsecurityincidentsreportedweredataleakage(58%),maliciousapps(47%),databreaches(41%),andSaaSransomware(40%),highlightingthegrowingneedforrobustsecuritymeasuresandincreasedawarenessofthepotentialrisksassociatedwiththeexpandingSaaSlandscape.

Whattypeofsecurityincident(s)haveyouexperienced

41%

32%

11%

47%

58%

40%

DataLeakage

MaliciousApps

InsiderAttack

DataBreach

SaaSRansomware

CorporateEspionage

KeyFinding#2

CurrentSaaSSecurityStrategiesand

MethodologiesDon’tGoFarEnough

InsufficientMonitoringofSaaSApplications

AkeycontributortothenotedincreaseinSaaSsecurityincidents,thefindingsfromthesurveysuggestthatasignificantnumberoforganizationsarefallingshortwhenitcomestoimplementingeffectiveSaaSsecuritymeasures.ManycompaniesareusingsecuritysolutionsthatdonotcovertheirentireSaaS

stack,leavingtheirapplicationsanddataexposedtocyberthreats.Specifically,thesurveyfoundthatoverhalf(58%)oforganizationsestimatetheircurrentSaaSsecuritysolutionsonlycover50%orlessoftheirSaaSapplications.

PercentageoftheSaaSapplicationsmonitoredbySaaSsecuritysolutions

20%

oforganizations

~100%ofthestackismonitored

6%oforganizations

33%oforganizations

7%oforganizations

6%oforganizations

28%oforganizations

~25%ofthestackismonitored

~50%ofthestackismonitored

~75%ofthestackismonitored

Noneofthemmonitored

Unsure

TheAnnualSaaSSecuritySurveyReport:2024Plans&Priorities6

©AllrightsreservedtoAdaptiveShield&CloudSecurityAlliance

KeyFinding#2/CurrentSaaSSecurityStrategiesandMethodologiesDon’tGoFarEnough

ThesefindingshighlightthepressingneedforcompaniestoreassesstheirsecuritysolutionsandensuretheyprovidecomprehensivecoverageacrosstheirentireSaaSecosystem.Bydoingso,organizationscansignificantlyreducetheirriskofsecurityincidents,includingdatabreaches,ransomwareattacks,andothertypesofcyber-attacks.Ultimately,thiswillhelptosafeguardtheirreputationandmaintainthetrustoftheircustomers.

CASBsandManualAuditsFallingShortforSaaSsecurity

ManyorganizationsrelyonCloudAccessSecurityBrokers(CASBs)andmanualauditstosecuretheirSaaSapplications.However,thesemethodsareprovingtobeinsufficientinanumberofkeyareas.Additionally,manualauditsexposecompanydatabetweenaudits,leavingorganizationsatriskforsecurityincidentsduringthosegaps.

WhatpercentageoforganizationsaregettingfullSaaSsecuritycoveragefromCASBandmanualaudits

IdentityandAccessGovernanceSaaSThreatDataLossPrevention

11%CASB

15%CASB

14%CASB

13%ManualAudits

13%ManualAudits

14%ManualAudits

3rdPartyAppDiscoverySaaSUserDeviceRiskManagementSaaSMisconfigurations

12%CASB

10%CASB

10%CASB

11%ManualAudits

10%ManualAudits

10%ManualAudits

ThesefindingsindicatethatorganizationsneedtoreevaluatetheirsecuritystrategiesandinvestinmorecomprehensivesolutionsandstrategiesthatprovidefullcoverageacrosstheirSaaSecosystemtoreducetheriskofsecurityincidents.ThisisalsolikelywhatiscontributingtotheincreaseduseofSaaSSecurityPostureManagement(SSPM)tools.

TheAnnualSaaSSecuritySurveyReport:2024Plans&Priorities7

©AllrightsreservedtoAdaptiveShield&CloudSecurityAlliance

KeyFinding#3

StakeholderSpreadinSecuring

SaaSApplications

Inadditiontomonetaryinvestmentsintools,security,andstaff,organizationsareincreasinglyinvolvingnumerousstakeholdersintheprocessofsecuringbusiness-criticalapplications.Acrossatypicalorganization,awidearrayofSaaSappsareusedfromfilesharingandcollaborationappstoCRM,projectandworkmanagement,marketingautomation,andmanymore.SaaSappsfillavarietyofnicheroles,yetthisstakeholderspreadcomplicatesthethreatlandscape.

Now,CISOsandsecuritymanagersareshiftingfrombeingthecontrollerstogovernorsofSaaSappsecurity,andthesurveyshowshowmanyofthoseengagedinsecuritygovernanceholdexecutive-levelpositionsorserveasdepartmentheads,indicatingthatbusinessesaretakingSaaSsecurityseriously.Theinvolvementofkeydecision-makersunderscoresthegrowingrecognitionofthecriticalrolethatSaaSsecurityplaysinprotectingvaluableassetsandensuringoperationalcontinuity.

However,withsomanyindividualsinvolved,itcanbecomechallengingtodeterminewhoisultimatelyresponsibleforSaaSsecurity.SaaSapplicationsoftenrequireclosecollaborationbetweenthesecurityteamandappowners,asthesecurityteammaynotalwayshavedirectaccesstotheSaaSapp.Thisnecessitatesprocessesandtoolsthatcanbridgethegapandactivelyengageappowners,whoarecrucialforeffectiveSaaSsecuritymanagement.

Titlesinvolvedinsecuringbusiness-criticalapps

43%

39%

38%

42%

HeadofSecurity

SecurityOperations

IT

CloudSecurityArchitects

4%

16%

29%

26%

GRCTeam

Idon’tknow/Other

CIO

BusinessApplicationOwner

Byfosteringacollaborativeenvironmentandimplementingsolutionsorstrategiesthatfacilitatecommunicationandcoordinationbetweensecurityteamsandappowners,organizationscancreateamorerobustandstreamlinedapproachtosecuringtheirbusiness-criticalapplications.This,inturn,willhelpminimizepotentialthreatandensureahigherlevelofprotectionagainsttheever-evolving

landscapeofSaaSsecuritythreats.

TheAnnualSaaSSecuritySurveyReport:2024Plans&Priorities8

©AllrightsreservedtoAdaptiveShield&CloudSecurityAlliance

KeyFinding#4

HowOrganizationsArePrioritizing

Policies&ProcessesforTheirEntireSaaS

SecurityEcosystem

Overthepastyear,thefocusofSaaSsecurityhasevolvedsignificantly,drivenbyfactorssuchasincreasedinvestmentinbusiness-criticalSaaSapplications,ariseinsecurityincidents,andthegrowingnumberofthreatactorstargetingSaaSapps.Previously,organizationsandsecuritytools,likeSSPMs,wereprimarilyfocusedonmisconfigurationmanagement.However,SaaSsecurityhasadaptedtoencompassabroaderrangeofconcerns,includingSaaS-to-SaaSAccess,Device-to-SaaSRiskManagement,IdentityandAccessGovernance,andIdentityThreatDetection&Response(ITDR).

SaaSPoliciesandProcedures

WiththerisingimportanceofSaaSinthebusinesslandscape,havingrobustpolicies,processes,andcapabilitiesinplaceisessentialforprotectinganorganization'sSaaSstackandthedataitcontainsfromthreatactors.

Organizationsarenowputtingmeasuresinplacetoaddresskeyareas.ThedatabelowpresentswhatorganizationsarestartingtoprioritizewhensecuringtheirSaaSstackthroughoutthedifferentdomainsoftheSaaSSecurityEcosystem.

MisconfigurationManagement

Addressingmisconfigurationissuesisvitaltoprotectanorganization'sSaaSstackfrommisconfiguredsecuritysettingsthatcanbeexploitedbythreatactors.Themainprioritiesformisconfigurationmanagementofrespondentsinclude:

Communicationandcollaborationbetweensecurityandappownerteams

Withastrongsystemandprocessin

Detailedfixesandmitigationofmisconfigurations

place,thesehigh-impactareascan

Prioritizationbasedontheapplication,securitydomain,andrisklevel

helpreducetheSaaSattacksurface.

TheAnnualSaaSSecuritySurveyReport:2024Plans&Priorities9

©AllrightsreservedtoAdaptiveShield&CloudSecurityAlliance

Search,detect,andquantifyriskofconnectedthird-partySaaSapplications

DetectmaliciousappsthathavebeenintegratedintotheSaaSstack

Isyoursecurityteamabletoidentifyandmanageuserswithmultipleusernames

64%Yes14%No18%Idon’tknow3%N/A

KeyFinding#4/HowOrganizationsArePrioritizingPolicies&ProcessesforTheirEntireSaaSSecurityEcosystem

Third-PartyAppAccess

Asorganizationsincreasinglyrelyonthird-partySaaSapplications(appsthatareconnectedtothecorestack),itbecomescrucialtohavepoliciesinplacetoassessandmanagepotentialrisks.Themainprioritiesfor3rd-partyappaccessinclude:

Processforappownersrequiringthemtosubmitarequesttosecuritybeforeconnectinganapp

Theseprioritiesreflecttheneedforstrongsystemsandprocessesinplacetoprotectagainstthird-partyappaccessthreats.

SaaSIdentityandAccessGovernance

ProperidentityandaccessgovernanceisessentialforsafeguardingsensitivedatawithintheSaaSecosystem.TheprioritiesinIdentityandAccessGovernanceinorganizationstodayinclude:

Ensureeachuserhastherightlevelofaccessneeded

DetectusersthathavebeendisabledintheActiveDirectorybutstillhaveaccesstoSaaSapplications

DetectdormantaccountstoquicklyensurethedeprovisioningoftheiraccesstoSaaSifneeded

NotificationofAdminaccess

Authenticationpractices(e.g.,keymanagement,certificatemanagement)

TheAnnualSaaSSecuritySurveyReport:2024Plans&Priorities10©AllrightsreservedtoAdaptiveShield&CloudSecurityAlliance

Checkingthedevicehygiene(vulnerabilitiesandupdatedagents)ofeachandeverySaaSuser,especiallyprivilegedones

Detectbruteforceattacks

KeyFinding#4/HowOrganizationsArePrioritizingPolicies&ProcessforTheirEntireSaaSSecurityEcosystem

MonitoringSaaSUserDevices

EnsuringthesecurityofdevicesthataccesstheSaaSstackiscriticalforpreventingunauthorizedaccessanddatabreaches.OrganizationalprioritiesforensuringSaaSrisksarenotstemmingfromdevicesinclude:

IdentifyingunmanageddevicesaccessingtheSaaSstack

Manydon’tviewdevicesasaweakspotintheirSaaSappsecurity.Theoppositeistrue;devicesareagateway—andifaprivilegeduser’sdeviceisnotsecure,thedamageifathreatactorsucceedswouldbesignificant.

Myorganization'spoliciesandprocessesformonitoringdevicesthataccessSaaSapplicationsinclude

47%

5%

54%

17%

42%

Identifyunmanaged

devicesaccessingthe

SaaSstack

Idon’thavea

process/

I’munabletomonitor

devicesthataccess

ourSaaS

Checkthedevice

hygiene(vulnerabilities

andupdatesagents)of

eachandeverySaaS

user

Checkthedevice

Ourprocessdoesnot

includeanyofthe

above

hygiene(vulnerabilities

andupdatesagents)of

SaaSprivilegedusers

only

ThreatDetectionandResponse

Proactivethreatdetectionandresponseiscrucialfordefendingorganizationsfromtargetedattacks.In

today’senvironment,theprioritiesforthreatdetectionandresponseare:

IdentifyandrespondtouserandentitybehaviorDetectMFAfloodattacks

anomalies

Detectattacksthroughthreatintelligence

Myorganization'sSaaSthreatdetectionandresponsecapabilitiesinclude

47%

DetectMFAfloodattacks

58%

Detectattacksthroughthreatintelligence

36%

Detectbruteforceattacks

6%

2%

Other

44%

Identifyandrespondtouserandentitybehavioranomalies

Idon’thaveSaaSthreatdetectionandresponsecapabilities

TheAnnualSaaSSecuritySurveyReport:2024Plans&Priorities11

©AllrightsreservedtoAdaptiveShield&CloudSecurityAlliance

KeyFinding#5

InvestmentinSaaSandSaaSSecurityResourcesAreDrasticallyIncreasing

IncreasedInvestmentinSaaS

OrganizationsarerelyingmoreheavilyonSaaSresources,encompassingnotjustbusiness-criticalappsandstaffbutalsotherightsecuritytoolsfocusedonSaaSsecurity.

Accordingtothesurvey,71%oforganizationshaveincreasedtheirinvestmentinsecuritytoolsforSaaS,demonstratingagrowingcommitmenttoprotectingtheirdigitalassets.Furthermore,68%oforganizationshaverampeduptheirinvestmentinhiringandtrainingstaffonSaaSsecurity,recognizingtheimportanceofhumancapitalinsafeguardingtheirSaaSecosystems.Additionally,66%oforganizationshaveincreasedtheirinvestmentinbusiness-criticalSaaSapplications,reflectingthegrowingrelianceonthesetoolsforcorebusinessfunctions.

ThisholisticapproachtoSaaSinvestment,encompassingsecuritytools,personnel,andapplications,underscorestheimportanceofrobustsecuritysolutionslikeSSPMs.

ChangesinCompanyInvestmentsinSaaS

71%68%

66%

25%

23%

27%

8%

5%6%

Decreased

Remainedthesame

Increased

BusinesscriticalSaaSapplicationsSecuritytoolsforSaaSHiringand/ortrainingstafforSaaSsecurity

TheAnnualSaaSSecuritySurveyReport:2024Plans&Priorities12

©AllrightsreservedtoAdaptiveShield&CloudSecurityAlliance

KeyFinding#5/InvestmentinSaaSandSaaSSecurityResourcesareDrasticallyIncreasing

IncreaseinUseofSaaSSecurityPostureManagement(SSPM)

WithSaaSsecurityincidentsontheriseandcurrentSaaSsecuritymethods(e.g.,CASBandmanualaudits)fallingshort,organizationsareseekingoutmoreadvancedSaaSsecuritytoolingsuchasSSPMs.ThesurveyshowsthatadoptionofSSPMtoolshasgrownsignificantly,withthepercentageoforganizationsusingSSPMincreasingfrom17%in2022to44%in2023.

ThiscanbeattributedtothefactthatSSPMsprovidecoverageinareaswhereothermethodsandstrategieshavefallenshort,offeringmorecomprehensiveprotectionagainstvarioussecurityrisksthroughoutthewholeSaaSSecurityEcosystem.

Asbrokendownearlierinthispaperbutsummarizedhere,theseareasinclude

•SaaSMisconfigurations:EnsuringproperconfigurationofSaaSapplicationstoavoidbreaches.

•Identity&AccessGovernance:ManagingandcontrollinguseraccesstoSaaSapplicationsandresources.

•Third-PartyAppAccess:Identifyingandmanagingtherisksassociatedwiththird-partyapplicationsaccessingSaaSenvironments.

•DataLossManagement:PreventingandmitigatingthelossorleakageofsensitivedatainSaaSapplications.

•ConnectedMaliciousApps:DetectingandremovingmaliciousapplicationsthatcouldcompromisethesecurityoftheSaaSenvironment.

•ThreatDetection&Response:Proactivelyidentifyingandrespondingtosecuritythreatsinreal-time.

•SaaSUserDevices:MonitoringandmanagingthesecurityrisksassociatedwithuserdevicesconnectingtoSaaSapplications.

UsageofSSPMYearoverYear

2023

44%

2022

17%

TheAnnualSaaSSecuritySurveyReport:2024Plans&Priorities13

©AllrightsreservedtoAdaptiveShield&CloudSecurityAlliance

KeyFinding#5/InvestmentinSaaSandSaaSSecurityResourcesareDrasticallyIncreasing

AreyoucurrentlyusingorplanningtouseaSaaSSecurityManagment(SSPM)platform

19%

Nocurrentplan

44%

Currentlyusing

36%

AsSaaSsecurityincidentscontinuetorise,

organizationsarerecognizingthelimitations

ofothersecuritymethodslikeCASBsand

manualauditsforSaaS.Theincreasedadoption

aswellasthesignificantpercentageofthose

planningonadoptingSSPMsolutionsreflects

thegrowingawarenessoftheneedformore

robustandcomprehensivesecuritymeasuresto

protectagainsttheever-evolvinglandscapeof

SaaSsecuritythreats.

Plantouseinthe

next18months

SSPMBeneits

GiventheincreasingimportanceofSaaSsecurity,thereisaclearneedforamorecomprehensiveandrobustapproach.ThereareSaaSsecuritytoolssuchasSSPMsthatcanassistorganizationswiththepolicies,processes,andcapabilitiesthattoday’sSaaSsecuritylandscaperequires.Byfocusingonthesecriticalaspects,organizationscanbetterprotecttheirvaluableassetsandensurethesafeoperationoftheirbusiness-criticalapplicationsinanincreasinglycomplexthreatlandscape.

BenefitsthatinterestcompaniesinSSPM

31%

MitigateSaaSthreats

23%

Timesavingsinmanagementandmaintenance

7%

10%

Costsavings

29%

IncreaseSaaSsecurityposture

Abilitytoadapttonewconditionsorchallenges

OrganizationsareincreasinglyrecognizingthevalueofadoptingSaaSsecuritytoolslikeSSPMstoaddresstheevolvingchallengesintheSaaSlandscape.Thisexplainswhy44%havealreadyadoptedanSSPMsolutioninthepastyearandwhy36%areplanningtoadoptSSPMinthenext18months.Byleveragingthesetools,businessescaneffectivelymitigateSaaSthreatsandsignificantlyenhancetheiroverallsecurityposture.

Inaddition,theuseofSSPMsenablesorganizationstoachievetimesavingsinmanagementandmaintenance,asthesesolutionsstreamlineandautomatevarioussecurityprocessesthatwouldotherwiserequiremanualeffort.Thisautomationnotonlyleadstocostsavingsbyreducingtheneedformanual

workbutalsoallowsorganizationstoreallocateresourcestoothercriticalareas.Moreover,SaaSsecuritytoolsprovidetheadaptabilityneededtorespondtonewconditionsandemergingthreats,ensuringthatbusinessesremainagileandpreparedtoprotecttheirdigitalassetsandcriticalapplicationsinaconstantlychangingenvironment.

TheAnnualSaaSSecuritySurveyReport:2024Plans&Priorities14

©AllrightsreservedtoAdaptiveShield&CloudSecurityAlliance

Demographics

ThesurveywasconductedonlinebyCSAinMarch2023andreceived1130responsesfromITandsecurityprofessionalsfromorganizationsofvarioussizesandlocations.

Inwhichindustrydoyouwork?

17%

11%

6%

6%

6%

Technology

FinancialServices

Government

Professionalservices(Law,Consulting,etc.)

Media

5%

5%

5%

5%

5%

Healthcare

Education

Insurance

eCommerce&Retail

Energy&Utilities

5%

5%

4%

3%

3%

Food

Industrials(Manufacturing,Construction,etc.)

Pharmaceutical

Banking

Transport&Logistics

3%

2%

1%

1%

1%

PublicServices

Telecom

Agriculture&Mining

Other

Travel&Hospitality

Whichofthefollowingmostcloselymatchesyourrole?

18%

12%

9%

8%

7%

7%

IT

CyberSecurity

CloudSecurity

Architect

SaaSSecurity

DeputyCISO

InfoSec

7%

5%

4%

4%

3%

2%

Cloudsecurity

GRC

SaaSSecurity

Architect

CISO

SecurityEngineer

CIO

2%

2%

2%

2%

1%

5%

SecOps(Security

ForensicsExpert

VendorRisk

PenetrationTester

Vulnerability

Other

Operations)

Assessment

Management

Whatisyourjoblevel?

14%

Staf

49%

Manager

37%

C-Levelorexecutive

TheAnnualSaaSSecuritySurveyReport:2024Plans&Priorities15

©AllrightsreservedtoAdaptiveShield&CloudSecurityAlliance

Demographics

Whatisthesizeofyourorganization?

32%

<1000employees

12%

+10001employees

16%

40%

1001-5000employees

5001-10000

employees

Whatregionoftheworldyoulocatedin?

63%

Americas

11%

Europe,MiddleEast,Africa(EMEA)

26%

Asia-Pacific(APAC)

TheAnnualSaaSSecuritySurveyReport:2024Plans&Priorities16

©AllrightsreservedtoAdaptiveShield&CloudSecurityAlliance

AppendixA:SurveyResults

Changeincompany’sSaaSinvestments

Overthepastyear,has