If you watched television in the eighties, you would have seen an announcer appear on the screen just before the late news, saying, “It’s 10 o’clock. Do you know where your children are?”. It was meant to remind parents to respect a kids’ curfew that was in place at the time. Today, the question might as well be, “It’s SaaS o’clock. Do you know where your data is?”. The proliferation of Software-as-a-Service (SaaS) applications is wreaking havoc on data security and compliance.
The SaaS Boom
If you feel as if you are seeing more SaaS in your workplace than you used to, you are definitely onto something. The average company was using eight SaaS applications in 2015. By 2017, that number had doubled. From 2017 to 2020, the number of SaaS apps in use at the average American company leaped to 80. Some sources suggest a more accurate number would be well over 100 SaaS apps per organization. That’s a lot of SaaS, and the practice is starting to cause some significant data management and data security challenges.
Data sprawl: Your data can be anywhere
SaaS use leads to data sprawl. Customer data might reside in a SaaS-based Customer Relationship Management (CRM) system. Employee data could be sitting in a SaaS Human Resources (HR) app. Intellectual property (IP) could be stored on a cloud storage volume, and on and on. These providers probably have decent security, so the issue isn’t so much a breach at the provider level. The problem is one of data governance. You likely don’t know where your data is. And, if you think you do, you’re probably wrong. There are simply too many people moving data into too many different SaaS applications for anyone to keep track of.
Your data is being dispersed in new, unexpected ways
Flexibility in user access, one of the great strengths of the SaaS model, can, unfortunately, contribute to data chaos and insecurity. If an employee subscribes to a SaaS application using a credit card, an increasingly common practice that bypasses IT department control and procurement processes, he or she could easily move data out onto the cloud without anyone knowing it.
Alternatively, simple emailing of files or posting documents on cloud volumes like Google Drive puts data outside the company’s control and sphere of awareness. Worse, the data could easily be shared with unknown third parties. As an example, imagine that a sales representative inadvertently shares sensitive IP, like drawing for a patent, with a potential client. Or, she sends it to a vendor by email. A contractor could gain access to it on a cloud volume and then pass it along to… who knows? It’s not a secure situation.
Solving the loss of control that comes with SaaS
A new generation of data security solutions enables you to address your loss of control over SaaS data. These solutions are typically driven by artificial intelligence (AI) and automated search functionality that methodically crawls through your entire IT estate and SaaS implementations—looking for data and categorizing it so you know what you have, and where it is. Using such a solution is guaranteed to generate some surprises, along the lines of “Wow, I don’t know that was there,” and the like. The best practice is to engage in discovering, categorizing, and protecting data in SaaS now, rather than waiting for a leak or other security crisis to make you aware of the problem.
Lee Kappon is a data security expert and was listed on Forbes’ 30under30 list. She is the CEO & Co-Founder of Suridata, a startup company that is developing the next-generation data protection solution.
Forbes Israel Contributors are independent writers that were individually picked by Forbes staff. The writers are experts in their field and they provide professional commentary and analysis of current events. The content is unsponsored.