Managing SaaS Application Security in 2023
Find out how IT decision makers can plan for the future and find solutions to the problems that might arise while they are managing SaaS application security in 2023.
This story is part of Security Essentials, the IT Vault’s practical advice for getting the most out of your security team.
Over the past few years, many companies drastically increased their investment in SaaS applications and cloud services in order to support a remote or hybrid workforce. Now, in the midst of economic uncertainty, companies are diverting their attention from SaaS growth to SaaS spend management. In 2023, IT planning for SaaS management and spend will revolve around finding apps that have cross-functional needs, uncovering volume of use, and deciding whether or not certain SaaS apps actually provide value to the company.
Another piece of the SaaS puzzle sitting front and center with IT professionals (and, increasingly, execs) is IT security: keeping the company’s data as secure as possible. According to a recent study, a large portion of IT leaders who responded indicated that they felt confident in the data classification, security policies, and tools their companies have in place to govern which data is being shared with their SaaS apps.
In addition to that, 96% indicated that they felt very confident or confident in their SaaS security. However, even with the high levels of confidence indicated above, security remained the top concern for respondents.
2023 is bound to be a year of growth for SaaS security and spend management. Keep reading to find out how IT decision makers can plan for the future and find solutions to the problems that might arise while they are managing SaaS application security in 2023.
Future Focus for SaaS Decision Makers
As an IT decision maker for your company, there’s a good chance that a major focus for 2023 will be SaaS application security. Even as business leaders plan 2023 budgets against a questionable economy, security continues to be at the top of the priority list.
Following the management of security, study participants ranked ‘identifying usage of all SaaS applications within our organization’ as priority number two. This includes a variety of risk factors such as:
• Visibility of SaaS applications: how well certain people are able to see how SaaS apps are being used and who they are being used by.
• Authorized application downloading and use: making sure that employees don’t just download new apps whenever they want to or use apps they shouldn’t have access to.
• Authentication and permissions: making sure the correct people have the correct level of access to certain data and SaaS apps.
• Collaboration between IT and the rest of the company: ensuring the IT team is in the loop for how the rest of the company is using SaaS apps in order to keep the company safe.
When it comes to who in each organization is focused on SaaS app security and visibility, the lower down the chain you go, the more confidence wanes. For example, 76% of owners and 70% of C-suite executives are confident in their organization’s SaaS security measures. That number goes down to 49% for vice presidents and even as low as 33% for managers.
There are multiple reasons this confidence discrepancy might happen within an organization. The first reason could be that senior leaders have a high level of confidence in their own executive leadership team and have visibility into security procedures that others don’t. The other reason might be that those lower down the chain are actually closer to the work and have a direct view into areas that might cause concern.
Top Concerns for SaaS Management in 2023
As mentioned above, a lack of visibility into SaaS applications was indicated as the top security concern for IT leaders and SaaS decision makers. In fact, 96% of IT leaders indicated that they are struggling to gain visibility into the SaaS applications running in their company despite feeling confident in their organization’s SaaS security as a whole.
Nearly half of all IT leaders surveyed indicated that they consider ‘employees adding new SaaS applications without notifying IT’ a challenge, and 32% indicated that they struggle to ‘understand why a team or individual needs a new SaaS application.’ The fact that most IT professionals said they feel confident in their company’s IT security yet struggle with these challenges suggests that there is a disconnect between these challenges and the risk that they bring.
Managing costs was cited as another overall IT security concern for 2023. IT leaders ranked ‘controlling the total cost of SaaS application investment’ number five in overall importance when it comes to managing SaaS apps. Other highly ranked priorities, including ‘identifying usage of all SaaS applications within our organization,’ ranked number two, and ‘understanding why a team or individual needs a new SaaS application,’ ranked number three, ultimately impact how an IT leader manages their company’s SaaS cost.
Depending on the company, the person who owns the management and purchasing of SaaS apps and other security issues varies. According to survey respondents, the purchasing and managing of SaaS apps and mitigating security issues rest firmly within two groups. These groups are the CIOs/IT and ITAM/SAM teams. According to the survey, 39% say CIOs/IT leaders are responsible for purchasing and management, while 42% indicated that their ITAM/SAM teams hold that responsibility.
The interesting thing about this data is that the lower the individual was on the company’s power ladder, the more likely they were to rank their ITAM/SAM teams as responsible, while more senior roles ranked CIOs/IT teams as the primary group responsible for SaaS app management and security control.
It’s clear that IT leaders are no longer the sole technology gatekeepers for their companies like they once were. Most IT leaders, however, would like to get back to the way it was before, when they controlled every part of tech purchasing and SaaS app management. They especially feel this way during challenging times such as the current age of economic uncertainty, and when facing security risks that are more prevalent than ever before.
In order to even start to get back to a place of centralized ownership, however, companies will need to solve their technology visibility issues, allowing the IT leaders to see everything that is going on with technology in their company, even if they don’t own each piece of the puzzle. Creating this visibility is a necessity when working to keep a company’s data and technology safe. If you’re setting a plan for IT for this coming year, make increased visibility one of your top priorities.
Solutions for the Coming Problems
As we dive into IT planning in 2023 and all of the above listed challenges that IT leaders and SaaS managers are bound to face, everyone is searching for the right solution.
One possible solution is increased IT education for companies, but, according to the study, not everyone agrees. Only 56% of respondents said that they would propose creating SaaS app buying training for their employees with purchasing power if time, budget, and resources were not factors.
More than half of respondents between the ages of 18 and 54 see the need for SaaS app education, but just over one quarter of the respondents over 55 felt that SaaS app education should be a priority. So, while creating an IT education program might be worth a try for your company, you might experience some pushback, making it hard to see any real change.
Another solution for these common SaaS management issues is to make sure your company has clear ownership, visibility, and automation. Here’s what we mean by that:
• Clear ownership: when a single person or group is the explicit decision maker and action taker for a specific task. For example, unclear ownership is when no one is really quite sure who should give the new marketing hire the access they need to the apps they require to complete their job. In this case, clear ownership might look like the marketing manager walking through the SaaS onboarding process start to finish for every new marketing employee, ensuring that they safely receive all of the access they need and nothing they don’t.
• Visibility: how easy it is for a certain person or group to view data or information about a specific area of the company. In this case, ideal visibility is when the IT team can view any and all SaaS app details for the company, even if they aren’t the ones doing all of the provisioning and purchasing work.
• Automation: having processes in place that allow for easy and automatic changes to be made. For example, when it comes to SaaS security, creating an automation that removes a contractor’s access to certain apps after a certain amount of time would remove the risk of human error and forgetfulness and ensure that the company’s data is kept safe.
We’re not going to sugarcoat it; the attempt to implement these three things and set up new IT processes company-wide might cause a little tension at first. However, the best way to approach this is to normalize conflicting opinions on security posture and purchasing power, ownership, and security management. Once all opinions are on the table, you can develop an IT strategic planning process to work as a team to increase visibility for your IT leaders and come up with clear ownership and automation protocols that fit everyone’s needs and concerns.
Increasing Visibility for Your IT Leaders
Ultimately, the best first move you can make for your company’s IT security is to ensure that your IT leaders have total visibility to your company’s tech stack and SaaS apps. The best way to ensure this visibility is likely to use a SaaS management platform. At Lumos, we make this easy by bringing all SaaS information to one place.
With the click of a few buttons, your IT leaders can use Lumos to view all of the apps your company uses and review onboarding, offboarding, and other permissions changes. Not only does Lumos help your IT leaders keep your company safe, it also helps your company save money, by flagging unused apps and accounts, and save time, by keeping all SaaS information in one easy-to-access location.