Public SaaS Assets Are a Major Risk For Medium, Large Firms

Written by

One in four (81%) medium-sized and 78% of large companies have encryption files stored in Google Drive/Workspace. Also, 61% of companies have employees who have shared company-owned assets with their personal email.

The findings come from DoControl’s latest software as a service (SaaS) Security Threat Landscape report, which suggests the manual tracking of sensitive assets may be more complex than previously imagined.

The report also reveals an average of nearly 224,000 assets in SaaS applications in medium-sized companies that have been shared externally (nine external actors per employee on average).

Figures related to large companies are similarly concerning, according to DoControl CEO Adam Gavish, with roughly 241 fourth-party domains, on average, having access to SaaS assets.

“While we all rely on SaaS applications to improve productivity and collaboration, few have stopped to consider the sheer number of assets that flow in and out of these tools each day,” Gavish said, commenting on the findings.

Case in point, 67% of all companies surveyed by DoControl said they had employees with access to assets stored in Google Workplace that are more than five years old. At large enterprises, Google had an average of 81 third-party application integrations (27 of those, on average, had data access and nine were overprivileged).

“Enterprises increasingly consider security when entering business transactions and engagements, which means the risks of a poor SaaS security posture can act as a spoiler for business outcomes,” Gavish added. “The goal of this report is to quantify and illustrate the chaos so businesses can better understand their risk exposure and act accordingly to regain control of their SaaS estate.”

What’s hot on Infosecurity Magazine?