Imagine this: a company-wide lockout from the company CRM, like Salesforce, because the organization’s external admin attempts to disable MFA for themselves. They don’t think to consult with the security team and don’t consider the security implications, only the ease of use their team needs when logging in.

This CRM, however, defines MFA as a top-tier security setting; for example, Salesforce has a “High Assurance Login Value” configuration and immediately locks out all users as a safety precaution. The entire organization hits a standstill and is frustrated and confused.

Deeply concerning: this is not a one-off event. Admins for business-critical SaaS apps often sit outside the security department and have profound control. Untrained and not focused on security measures, these admins are working towards their departmental KPIs. For instance, HubSpot is usually owned by the marketing department, Salesforce is often owned by the business department, and so on. Business departments own these apps because the apps are what allow them to do their job efficiently. However, the paradox lies in the fact that it’s the security team’s responsibility to secure the organization’s SaaS app stack, and they cannot effectively execute this task without full control of the SaaS app.

The 2022 SaaS Security Survey Report, run by CSA and Adaptive Shield, delves into the reality of this paradox, presenting data from CISOs and security professionals today. This article will explore important data points from the respondents and discuss what the solution for security teams could be.

SaaS Apps in the Hands of Business Departments

Across a typical organization, a wide array of SaaS apps are used (see figure 1), from cloud data platforms, file sharing and collaboration apps to CRM, project and work management, marketing automation, and a whole lot more. Each SaaS app fills a certain niche role required by the organization. Without all these SaaS apps, a business could find itself lagging or taking more time to achieve its KPIs.

