January 31 The Spiraling SaaS Stack: Real Case Study of How a $10B Company Took Back Control to Keep SaaS Data Security
SSPM establishes itself as the critical solution in the sector
– Hananel Livneh, Product Marketing Manager, Adaptive Shield
Tel Aviv, Israel – January 31, 2024
The breakneck pace of SaaS application adoption is driving double-digit growth in the size of enterprise SaaS stacks, as businesses embrace cloud services to improve collaboration, reduce costs, and enable the hybrid working model.
As SaaS stacks grow, the attacks against them also scale across the thousands of application instances used by organizations’ employees. Today, SaaS application owners mostly work outside of IT, without the knowledge or training needed to keep their applications secure. With this democratization of SaaS ownership in organizations, security leaders are struggling to get a complete picture of the applications and their security settings in their networks, including SaaS-to-SaaS connected third-party applications.
This article will explore how a $10 billion revenue media organization adopted an SSPM solution to take control of the security of its SaaS stack and significantly improve its security posture. A Forrester Consulting Total Economic Impact™ (TEI) study, commissioned by Adaptive Shield, found that the investment enabled the company to achieve a 201% ROI in less than 6 months.
The SaaS Data Security Challenge
The company surveyed in the SSPM study is a global media and information services company headquartered in Europe. As an image and reputation expert entrusted with data by high-profile clients, the organization treats data security as a major concern.
Three years ago, the company began experiencing incidents attributed to a lack of security controls over SaaS applications.
Security concerns have coincided with the large and growing volume of business-critical SaaS applications. The organization was increasingly using SaaS applications across IT, HR, finance, sales, marketing and product teams. To compound the problem, the company faced increased application adoption complexity due to mergers and acquisitions and the geographic distribution of SaaS application tenants.
Because the organization’s security and risk management team had little knowledge of each application, they could not ask the right questions of application owners. Application owners were neither educated nor equipped enough to exercise security, and were happy to maintain their newfound independence as application managers holding the “keys to the kingdom.”
Despite the security team’s efforts, the company struggled to address the security challenges posed by SaaS applications. The company had experienced six internal security breaches that year. The company’s security team also invested a total of 2,400 hours per year implementing compliance rules.
“We started seeing some small incidents that were a result of SaaS misconfiguration, so we needed to do something about that… (That) was a wake-up call for us that we really need to look at all large-scale configurations,” the company’s security official said in an interview with Forrester for the study.
The media company decided it was time to consider an automated SaaS security monitoring solution and turned to SSPM.
Take Back Control of Data Security
The company began evaluating several suppliers. During a proof-of-concept (POC) phase with Adaptive Shield, the organization’s security team instantly detected issues in their SaaS configurations and resolved them based on the POC results.
In 2022, Adaptive Shield was selected and deployed to secure the organization’s SaaS stack.
Before the POC, the company’s SaaS security level was measured at 40%. During the first six months, the organization experienced rapid improvement in its score, which reached 70 percent by the end of the first year.
“When we look at security score trends, we see a significant increase over time,” the CSO said.
In the second year, the security level improved to 85 percent, and the company was on track to achieve a score of 95 percent after three years, according to the study’s forecasts.
According to the study, the substantial improvement in the overall security posture score was attributed to SSPM’s capabilities in providing visibility, remediation guidance and continuous monitoring.
A specific and significant benefit the company has achieved with SSPM is improved configuration error handling.
Misconfigured SaaS settings are a leading cause of SaaS data breaches, SaaS data thefts, and SaaS ransomware. Poor security configurations cause 35% of all-time cyber incidents, according to an analysis by SOCRadar Research.
SaaS applications can have hundreds of security settings to configure, in addition to the ongoing need for updates.
After Adaptive Shield was deployed, the annual assessment was replaced by continuous monitoring of each application’s security posture and reporting of its configuration fixes through the Adaptive Shield platform. The organization saw significant efficiency gains in detecting configuration errors and allocated more resources to analyze and resolve issues.
The study found that the efficiency of the configuration error detection process improved by 70% using SSPM.
The study also found that the Adaptive Shield platform improved collaboration between security teams and application owners. The deployment of Adaptive Shield helped fill security knowledge gaps for SaaS application owners and foster collaboration across teams.
Many qualitative benefits of SSPM were also found in the study. The transition from manual to automated processes has allowed security teams to focus on managing security rather than conducting interviews with application owners about their configurations. Overall, it also helped the organization overcome the challenges introduced by the democratization of security management and securing SaaS data.
The study concludes that Adaptive Shield allowed the security team to “gain complete control and increased visibility over the security posture of all business-critical applications.”
Return on investment with SSPM
In a case study of a media organization struggling to manage SaaS security as its SaaS landscape rapidly expanded, the traditional security approach was failing at scale. Adopting an SSPM has been found to significantly improve security and efficiency while reducing costs:
- Overall security posture improvement contributed $1.49 million
- Improving SaaS configuration error detection effectiveness was worth $397,000
- Improving the effectiveness of SaaS security compliance monitoring was valued at $260,000
- Improved collaboration between security teams and business application owners saved an additional $32,000
Total profits over three years (in present value terms) totaled $2.1 million. The total cost of licensing and deployment over these three years, in present value terms, was $723,866. The ROI was achieved in less than six months and the ROI over a three-year period was 201%.
As the frequency of SaaS attacks continues to increase and SaaS incidents continually expose organizations to data leaks, breaches, compliance lapses, and other potential disruptions to business operations, the study presents SSPM today as an effective and efficient technology allowing organizations to truly secure their SaaS data.
Hananel Livneh is Product Marketing Manager at Adaptive Shield. He joined Adaptive Shield from Vdoo, an embedded cybersecurity company, where he was a senior product analyst. Hananel completed an MBA with distinction from OUI and holds a BA from the Hebrew University in Economics, Political Science and Philosophy (PPE). Oh, and he loves mountain climbing.
Adaptive Shield, the leader in SaaS security, enables security teams to secure their entire SaaS stack through threat prevention, detection, and response. With Adaptive Shield, organizations continuously manage and control all SaaS applications, including third-party connected applications, and govern all SaaS users and risks associated with their devices. Founded by Maor Bin and Jony Shlomoff, Adaptive Shield works with many Fortune 500 companies and was named a 2022 Gartner® Cool Vendor™. For more information, visit us at www.adaptive-shield.com or follow us on LinkedIn.