2021 SaaS Risk Report Reveals 44% of Cloud Privileges are Misconfigured

Cloud apps make collaboration a breeze, but unless you’re keeping a close watch on identities, behavior, and privileges across each and every SaaS and IaaS you rely on, you’re a sitting duck.
Rob Sobers
1 min read
Last updated January 17, 2023

Cloud apps make collaboration a breeze, but unless you’re keeping a close watch on identities, behavior, and privileges across each and every SaaS and IaaS you rely on, you’re a sitting duck.

The cloud blurs the lines between personal and corporate accounts and non-admin users can break least privilege with the click of a “share” button. Securely offboarding contractors and employees from dozens of  SaaS apps is error prone and often results in shadow identities that attackers prey on.

If you’re not watching closely, users can silently copy, delete or expose your mission-critical data to just about anyone. And that data can be anything from your Salesforce customer list, your source code in GitHub, and your documents in Box and Google Drive.

To paint a picture of data risk across fragmented SaaS and IaaS environments, we created the 2021 SaaS Risk Report. We gathered and analyzed data from over 200,000 cloud identities and hundreds of millions of cloud assets for the report.

Our goal: to uncover key risks organizations face when trying to control unsupervised identities and shadow privileges that can put data at risk.

Here are just a few key findings:

  • Nearly 44% of cloud privileges are misconfigured.
  • 3 out of 4 cloud identities for external contractors remain active after they leave.
  • 3 out of 5 users are shadow admins.
  • 15% of employees transfer business-critical data to their personal cloud accounts.

👉Read the full report: 2021 SaaS Risk Report

🤔How did we get all this insight? It’s all thanks to DatAdvantage Cloud, our new cloud-hosted solution that protects your mission-critical SaaS applications and cloud data stores: AWS, Box, GitHub, Google Drive, Jira, Okta, Salesforce, Slack, and Zoom.

 👋Want to see how your SaaS and IaaS instances are putting you at risk? DatAdvantage Cloud visualizes and prioritizes your biggest risks so you can proactively reduce your blast radius. Request your tour today at https://info.varonis.com/cloud-demo

What should I do now?

Below are three ways you can continue your journey to reduce data risk at your company:

1

Schedule a demo with us to see Varonis in action. We'll personalize the session to your org's data security needs and answer any questions.

2

See a sample of our Data Risk Assessment and learn the risks that could be lingering in your environment. Varonis' DRA is completely free and offers a clear path to automated remediation.

3

Follow us on LinkedIn, YouTube, and X (Twitter) for bite-sized insights on all things data security, including DSPM, threat detection, AI security, and more.

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.

Keep reading

Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

reconnect---meet-datadvantage-cloud
ReConnect - Meet DatAdvantage Cloud
Varonis introduced an exciting new cloud-hosted solution that brings our data-centric security approach to AWS, Box, GitHub, Google Drive, Jira, Okta, Salesforce, Slack, and Zoom!
reconnect---ways-attackers-sidestep-your-endpoints
ReConnect - Ways Attackers Sidestep Your Endpoints
One of the age-old questions in cybersecurity is, “Are my endpoint controls enough?” Spoiler alert, unfortunately not! Kilian and Brian discuss scenarios we’ve seen where sophisticated attack groups deliberately leverage...
salesforce-misconfiguration-causes-sensitive-data-leaks
Salesforce Misconfiguration Causes Sensitive Data Leaks
Brian Krebs recently reported that an alarming number of organizations—including banks and healthcare providers—are leaking sensitive information due to a misconfiguration in Salesforce Communities.
attack-lab:-spear-phishing-with-google-drive-sharing
Attack lab: Spear Phishing with Google Drive Sharing
Follow along as we show you how scammers are spear phishing with Google Drive sharing to avoid traditonal SPAM filters in Gmail that catch their scams