SaaS security firm Adaptive Shield has released its 2023 SaaS-to-SaaS Access Report today, detailing security risks posed to businesses by third-party apps.
Third-party apps and third-party risk.
Software-as-a-Service (SaaS) security company Adaptive Shield this morning released their annual SaaS-to-SaaS Access Report, which discusses this year’s organizational security risks posited by connected third-party apps.
Business-critical apps with connections that may expose organizations to risk.
Adaptive Shield researchers report that companies with 10,000 SaaS users utilizing Microsoft 365 on average have 2,033 applications connected to the productivity software, with that number jumping to 6,710 in Google Workspace connections. For the companies with a larger user base of 10,000-20,000 SaaS users that utilize Google Workspace, the average number of connected apps increases to 13,913. High-risk access to permissions, such as the ability to see, create, edit, and delete Google Drive files and M365 data have been found in 39% of apps connected to M365 and 11% to Google Workspace, researchers say. Business communication software Slack was found, on average, to have about 222 connected SaaS-to-SaaS apps, with 41 apps applying to Salesforce.
Commonly connected apps, and expert advice.
The apps most commonly connected to such software were found to be email applications, followed by file and document management apps. Scheduling, content management, and project management apps also earned a spot on the top ten list. Maor Bin, CEO of Adaptive Shield, advises organizations to create effective policies around app integration, and to implement appropriate training and monitoring programs: “The simple app-to-app connectivity that makes SaaS apps vital productivity tools also makes them significantly dangerous. While it’s clearly unrealistic to expect businesses to curb their reliance on SaaS apps, they cannot allow this adoption to go unchecked. To eliminate these risks companies must develop policies for integrating apps, prioritize employee training, and deploy monitoring solutions that help over-taxed security teams identify and eliminate high-risk permission sets before it’s too late.”