The top four SaaS security issues in 2020

The US Department of Defense (DoD) has 3 million employees and 4,800 locations in 160 countries. The IT requirements of an organization like the US Department of Defense are, to put it mildly, unique. So, it came as a surprise to many in the space when the DoD announced they would be transferring IT resources to the cloud in April of 2019.

The DoD’s decision underlines just how ubiquitous cloud-based technology has become. It’s no longer “if,” but “when” and “how” to move to the cloud. While there are still a few stragglers in the large enterprise space, SMEs have embraced the cloud, and in particular SaaS applications, wholeheartedly. Just take a look at the percentage of companies that will be running purely on SaaS by 2022.

Source: Superoffice

 

This adoption of SaaS products makes sense for several reasons. SaaS applications are often the most affordable and attractive option out there for SMBs. They often lead to lower CapEx and operational overhead, while also offering quick deployment compared to on-premise software. It’s a winning combination.

 

SaaS Security Issues

It’s no surprise then that with near-universal SaaS adoption, SaaS security issues have increased too. As mentioned above, SaaS products are relatively straightforward to deploy, and therefore individual business units within a company can often procure them without oversight from IT or security teams. According to one study conducted by Frost & Sullivan and sponsored by McAfee, more than 80% of respondents use non-approved SaaS applications in their jobs.

As the number of SaaS tools in an organization explodes, so too does the opportunity for inconsistent and problematic security policies. If you have an inkling that this is happening in your organization, it’s not too late to get a handle on it. Here are four SaaS security issues that need to be top-of-mind in 2020.

  1. Data Breaches
  2. Employee Risks
  3. Phishing
  4. New Malware

 

Data Breaches

In 2016, an attack compromised 68 million Dropbox user accounts. The attackers exploited an improperly secured employee password to obtain email addresses and hashed and salted passwords from breached accounts that were created in 2012 and earlier. Dropbox is just one example of the many high-profile breaches that have occurred in the last decade.

The nature of data stored in SaaS applications makes data breaches particularly problematic: This data often includes financial information, customer data, intellectual property, and other sensitive information. In light of this, SaaS suppliers and customers should ensure that they have in place appropriate technical and organizational measures to keep personal data safe and a protocol for responding to breaches if they do occur.

 

Employee Risks

Another SaaS security issue is the loss of data access control: The IT department no longer has complete control over which user has access to what data and the level of access. Employees may accidentally delete data, resulting in data loss, or expose sensitive data to unauthorized users, resulting in data leakage. The darker side of employee risk involves acts with malicious intent. The results are devastating.

In one of the most high-profile intrusions to date, South Koreans learned in January 2014 that data from 100 million credit cards was stolen over several years. What ensued was chaos. More than 2 million South Koreans subsequently had their credit cards blocked or replaced. What followed for the organization was senior executive resignations, government investigations, and financial loss.

Behind the theft was an employee of the Korea Credit Bureau (KCB), a solvency company. While one would imagine a highly sophisticated operation, he merely copied the data to an external hard drive. He then resold the data to credit traders and telemarketing companies.

 

Phishing

Phishing is a hacking method in which the attacker sends a malicious message, usually an email, but sometimes a text message, Skype, or Slack message. Phishing attacks have become the primary hacking method used against organizations. Phishing attacks targeting SaaS applications exploded by 237%.

One of the most well-known examples of phishing occurred during the 2016 US presidential election, when former White House chief of staff and the chairman of Hillary Clinton’s campaign, John Podesta, had his personal Gmail account hacked.

These attacks aim to use the familiarity users have with the SaaS platform to trick them into handing over other credentials, creating an interaction that results in widespread credential theft. Just take a look at the email that tricked Mr. Podesta.

New Malware

Malware propagation is a significant SaaS security issue and a constant threat to SaaS applications. With SaaS applications acting as storage clouds, they become an effective distribution medium for malware. On average, one in three corporate instances of SaaS apps contained malware, and Microsoft OneDrive had the highest rate of infection at 55%.

 

Managing the Top SaaS Security Issues

Increased organizational awareness of these SaaS security issues helps ensure that they are mitigated and eliminated. Assessing risks and implementing intelligent controls helps to enhance the security of your SaaS applications.

Many companies focus on asking questions about SaaS security during the sales process. Given the evolving threat landscape, it’s crucial to ensure you also assess the risks posed by emerging technologies and cyber threats.

You don’t have to go it alone: With a SaaS application management platform like Augmentt, you can easily track usage of unauthorized SaaS applications to enforce SaaS security policies.

 

Want to learn more? Please check out our SaaS Security eBook.

Derik Belair

As President and CEO, Derik leads the vision, strategy and growth of Augmentt. Prior to founding Augmentt, Derik was the Vice President at SolarWinds, leading the digital marketing strategy for SolarWinds’ Cloud division. Derik has been working in the channel for over 20 years, starting his career as a channel sales rep at Corel Corp. and eventually becoming the first employee at N-able Technologies in April of 2000.