SaaS applications have become embedded in business, with 74% of respondents in a global Axionius survey reporting that more than half of their applications are now SaaS. However, the rush to the cloud has brought with it an imbalance between spending and security. SaaS spending is up—66% of Axionius respondents are spending more—while SaaS security ranks fourth or lower on enterprises’ list of security priorities. In the SMB space, however, with budgets and staff already tight, organizations are coming to the realization they need to move SaaS security up on the priority list to prevent damaging data breaches they cannot afford. In a recent survey on the SaaS technology buying process, SMBs were asked what criteria is most important in selecting SaaS applications. Security (70%) was the highest priority, with proven technology second at 61%.
The SMB Business Opportunity
The latest statistics from Verizon indicate that SaaS applications are, in fact, becoming more of a contributor to cyberthreats. The Verizon 2022 Data Breach Investigations Report finds that 40% of ransomware incidents involve desktop sharing software. Popular SaaS applications like Microsoft Office 365, Salesforce, or even Zoom or Slack, are an entry point for breaches and ransomware.
The reality is SaaS applications are not inherently secure, and SaaS providers cannot be relied upon or expected to provide all the needed security. To serve their SMB customers, channel pros should look to add partner solutions that can bring efficient, automated security, visibility and monitoring, and improved cloud application management to their stack.
Managed service providers can resell the solution to their end-user customers who are struggling with staff shortages, cloud misconfigurations, and the nagging sense they aren’t keeping up with the security protection needed for the explosive number of SaaS applications. The endgame will be a more secure SaaS environment for the customer, a new means of monetizing SaaS security services for the channel, and a way to differentiate one MSP’s offering from another. Plus, MSPs will receive a perceived uptick in value on the part of their end-user customers.
Automation and Visibility Are Key
In seeking partner solutions to add to their stack, MSPs, like the SMB organizations they serve, are having to conserve limited staff time. They do not have the resources to manually review scores of SaaS-related security settings. They want an automated SaaS security solution that will help them improve security for their customers without adding more management time to their day.
A good example of the need for more security is Microsoft 365, a main target of cybercriminals with millions of incidents each day. An automated system that monitors Microsoft 365 applications can detect suspicious events and trigger alerts to help eliminate threats before sensitive data is stolen or corrupted. Log monitoring, for example, can be used to learn about potential threats and discover events that lead to a security breach. Monitoring alerts can detect when a user logs in from different locations that are impossibly far apart to travel to within a given time frame, when a new inbox rule is created on a user’s account, or when there are excessive failed login attempts.
These incidents can be automatically rolled up into reports for analysis to identify key vulnerabilities in an SMB’s SaaS application usage. The threat reports can serve as an educational tool for solution providers to demonstrate to customers the need for an enhanced security service.
Another important benefit of an automated SaaS security solution is it gives MSPs an efficient way to monitor compliance with the customer’s multifactor authentication (MFA) policies. Automated reports can identify who is not using MFA and generate tickets and alerts for compliance violations. Audits can also be conducted to monitor MFA configuration and further pinpoint areas in which insufficient privilege management and access controls present risk.
Become a SaaS Application Security Partner
Channel pros have an opportunity to monetize SaaS security services. Their advantage is they know the SaaS application space and can, through automation, quickly add value to a customer’s cloud compute environment. By adding SaaS security to their stack, MSPs can scale their business and grow revenue at a time that budget scrutiny will most certainly continue.
On an operational level, MSPs can use automated threat reports and audits to show numerical proof that they are adding value. They can help strengthen threat defense by remote monitoring, saving time for their SMB customers and themselves.
As a trusted security partner, MSPs can also educate their customers on overall best security practices and preventive measures.
Looking to 2023, cloud migration and SaaS spending will continue despite inflationary pressures. Gartner estimates all aspects of public cloud services to increase 20.7% to a total $591.8 billion in 2023. Within that figure SaaS cloud application services will grow 16.8%, an estimated $195.2 billion—topping the spend categories in the Gartner list.
SaaS spending is a juggernaut. Managed IT service providers who start now to add application security to their stack will be able to reap some of the monetization benefits from this trend.
DERIK BELAIR is president and CEO of Augmentt, leading the company’s vision, strategy, and growth. Prior to founding Augmentt, Belair was vice president of marketing at SolarWinds, where he led the digital marketing strategy for the company’s cloud division. He joined SolarWinds through the acquisition of N-able Technologies, a company he helped build and sell to SolarWinds in 2013. Belair has been working in the channel in a senior leadership role for over 20 years, having been through the IPO process and several acquisitions.