Mid-market organizations struggling with SaaS security gaps

A report by Cloud Security Alliance reveals that mid-market organizations face significant challenges in securing their growing number of software-as-a-service applications, with many underestimating the extent of their SaaS usage, according to Help Net Security.

Less than half, or 44%, of companies focus on protecting sanctioned applications, and only 17% prioritize unsanctioned ones, leaving critical security gaps. Limited visibility into these applications increases risks, making specialized security tools and automation essential, according to CSA.

Configuration management efforts are primarily concentrated on key systems like Google Workspace and identity management services, but only 28% of organizations intend to automate these security measures across their applications. AI-related risks were also identified as a concern, with 75% of companies stating they were either moderately or highly concerned about AI-assisted threats to data and intellectual property, yet only 51% have dedicated teams addressing AI-specific security. Many organizations rely on manual processes and general-purpose security tools, which are insufficient for SaaS security. While most companies plan to increase IT budgets, only 3% have dedicated SaaS security funding.