New Data-Driven Study Reveals 40% of SaaS Data Access is Unmanaged, Creating Significant Insider and External Threats to Global Organizations

August 24, 2021

New York, NY – August 24, 2021

DoControl today announced a new report, Quantifying the Immense Risk of Unmanaged SaaS Data Access, which provides data-driven insights into the growing number of insider and external threats due to vast amounts of unmanageable data in today’s enterprises. Based on customer data, the findings clearly illustrate there is a magnitude of SaaS data exposure, with 40% of all SaaS assets unmanaged, providing internal, external and public data access. 

According to Gartner, global SaaS revenue will grow nearly 38% to more than $140 billion between 2019 and 2022. Although cloud-based applications dramatically increase the efficiency and productivity throughout an enterprise, there is a significant threat that is often underestimated by CIOs and CISOs - unchecked and unmanaged data access by the SaaS provider. And with the growing adoption of SaaS applications, this threat is growing exponentially, putting companies at greater risk for data leaks. 

As a benchmark, the average 1,000 person company stores between 500K and 10M assets in SaaS applications. Companies enabling public sharing may face up to 200,000 of these assets being shared publicly. DoControl aggregated and analyzed myriad data from its customer base. Below are key findings categorized by external and insider threats:

Insider threats:

  • Of the companies analyzed, an average of 400 encryption keys are shared internally to anyone with a link.
  • 20% of SaaS assets are shared internally with a link, exposing many employees to data points they are not authorized to consume.
  • 8% of employees share assets from their corporate with their personal accounts, exposing many former employees to ongoing company data.

External threats:

  • Between 1,000 and 15,000 external collaborators (vendors, contractors, customers, partners, prospects, media, analysts, etc.) have access to company data.
  • Between 200 and 3,000 external (specifically third-party) companies have access to company assets.
  • 18% of SaaS application assets are shared externally and remain shared externally even after deleting users.

“The past year forced many organizations to collaborate with many external parties and adjust their existing workforce to support remote collaboration,” stated Adam Gavish, CEO and Co-Founder of DoControl. “To date, security practitioners focused on enabling SaaS access in a secure manner, now is the time for them to prioritize the relevancy of this data access internally and externally.  Unmanageable data access poses a significant risk to any organization and increases the likelihood for a data breach. While SaaS apps are designed to promote collaboration, in this ever growing attack surface security teams must pay attention to ongoing data access at scale. DoControl is committed to helping organizations ensure no unauthorized person has access to company data without slowing down business enablement nor changing the end user’s day to day work.”

About DoControl:
Founded in 2020 and headquartered in New York, DoControl is an automated data access controls platform for SaaS applications, improving security and operational efficiency with ease for enterprises. DoControl is backed by investors RTP Global, StageOne Ventures, Cardumen Capital and global cybersecurity leader CrowdStrike's early stage investment fund, the CrowdStrike Falcon Fund. The company's leadership team combines product, engineering and sales experience across cybersecurity, enterprise and SaaS innovators. For more information, please visit Follow us on Twitter and LinkedIn.

The SaaS Security Threat Landscape Report

Research-based benchmarks to assess risk across critical threat model

Read now
DoControl - SaaS data access control - open blog button

Automated data access controls to improve security and operational efficiency with ease of use

See a live demo