Varonis debuts trailblazing features for securing Salesforce. Learn More

Skip navigation

Inside Out Security

Inside Out Security Blog

2021 SaaS Risk Report Reveals 44% of Cloud Privileges are Misconfigured

Rob Sobers
Rob Sobers
|

Clock for time it takes to read article 1 min read

|

Last updated July 29, 2021

2021 SaaS Risk Report Reveals 44% of Cloud Privileges are Misconfigured

Contents

    Cloud apps make collaboration a breeze, but unless you’re keeping a close watch on identities, behavior, and privileges across each and every SaaS and IaaS you rely on, you’re a sitting duck.

    The cloud blurs the lines between personal and corporate accounts and non-admin users can break least privilege with the click of a “share” button. Securely offboarding contractors and employees from dozens of  SaaS apps is error prone and often results in shadow identities that attackers prey on.

    If you’re not watching closely, users can silently copy, delete or expose your mission-critical data to just about anyone. And that data can be anything from your Salesforce customer list, your source code in GitHub, and your documents in Box and Google Drive.

    To paint a picture of data risk across fragmented SaaS and IaaS environments, we created the 2021 SaaS Risk Report. We gathered and analyzed data from over 200,000 cloud identities and hundreds of millions of cloud assets for the report.

    Our goal: to uncover key risks organizations face when trying to control unsupervised identities and shadow privileges that can put data at risk.

    Here are just a few key findings:

    • Nearly 44% of cloud privileges are misconfigured.
    • 3 out of 4 cloud identities for external contractors remain active after they leave.
    • 3 out of 5 users are shadow admins.
    • 15% of employees transfer business-critical data to their personal cloud accounts.

    👉Read the full report: 2021 SaaS Risk Report

    🤔How did we get all this insight? It’s all thanks to DatAdvantage Cloud, our new cloud-hosted solution that protects your mission-critical SaaS applications and cloud data stores: AWS, Box, GitHub, Google Drive, Jira, Okta, Salesforce, Slack, and Zoom.

     👋Want to see how your SaaS and IaaS instances are putting you at risk? DatAdvantage Cloud visualizes and prioritizes your biggest risks so you can proactively reduce your blast radius. Request your tour today at https://info.varonis.com/cloud-demo

    What you should do now

    Below are three ways we can help you begin your journey to reducing data risk at your company:

    1. Schedule a demo session with us, where we can show you around, answer your questions, and help you see if Varonis is right for you.
    2. Download our free report and learn the risks associated with SaaS data exposure.
    3. Share this blog post with someone you know who'd enjoy reading it. Share it with them via email, LinkedIn, Twitter, Reddit, or Facebook.
    Rob Sobers
    Rob Sobers

    Rob Sobers is a software engineer specializing in web security and is the co-author of the book Learn Ruby the Hard Way.

    Get a free Risk Assessment

    You can't protect what you don't know is vulnerable.

    Give us 90-minutes of your time, and we'll create a Free Risk Assessment that will open your eyes to your unknown weak spots—fast, and without adding work to your plate.

    Start Your Risk Assessment

    Keep reading