Cloud apps make collaboration a breeze, but unless you’re keeping a close watch on identities, behavior, and privileges across each and every SaaS and IaaS you rely on, you’re a sitting duck.
The cloud blurs the lines between personal and corporate accounts and non-admin users can break least privilege with the click of a “share” button. Securely offboarding contractors and employees from dozens of SaaS apps is error prone and often results in shadow identities that attackers prey on.
If you’re not watching closely, users can silently copy, delete or expose your mission-critical data to just about anyone. And that data can be anything from your Salesforce customer list, your source code in GitHub, and your documents in Box and Google Drive.
To paint a picture of data risk across fragmented SaaS and IaaS environments, we created the 2021 SaaS Risk Report. We gathered and analyzed data from over 200,000 cloud identities and hundreds of millions of cloud assets for the report.
Our goal: to uncover key risks organizations face when trying to control unsupervised identities and shadow privileges that can put data at risk.
Here are just a few key findings:
- Nearly 44% of cloud privileges are misconfigured.
- 3 out of 4 cloud identities for external contractors remain active after they leave.
- 3 out of 5 users are shadow admins.
- 15% of employees transfer business-critical data to their personal cloud accounts.
👉Read the full report: 2021 SaaS Risk Report
🤔How did we get all this insight? It’s all thanks to DatAdvantage Cloud, our new cloud-hosted solution that protects your mission-critical SaaS applications and cloud data stores: AWS, Box, GitHub, Google Drive, Jira, Okta, Salesforce, Slack, and Zoom.
👋Want to see how your SaaS and IaaS instances are putting you at risk? DatAdvantage Cloud visualizes and prioritizes your biggest risks so you can proactively reduce your blast radius. Request your tour today at https://info.varonis.com/cloud-demo
Rob Sobers is a software engineer specializing in web security and is the co-author of the book Learn Ruby the Hard Way.