Research Brief: A Risk-Based Approach to SaaS Security

A Risk-Based Approach to SaaS Security

SaaS Security Research Brief

By John Filitz, Sr. Tech Product Manager @ AppOmni &
Harold Byun, Chief Product Officer @ AppOmni

Executive Summary

This SaaS Security Research Brief is intended for security and risk leaders concerned with keeping their organization’s Software-as-a-Service (SaaS) estate and associated data safe and secure.

The research brief calls for a risk-based prioritization of SaaS security alongside other cloud security use cases – typically focused on public cloud infrastructure, platforms and workloads. The case for prioritizing SaaS security risk is underscored by the extent of current and expected SaaS adoption – with SaaS services being the leading driver of public cloud adoption since 2016. Not only is SaaS being adopted at an unprecedented pace, but it is fast becoming the de facto operating system for the modern enterprise.

Due to recent innovation in cybersecurity with the development of SaaS Security and Posture Management platforms, the extent of risk that SaaS represents is, for the first time, observable, and quantifiable. These solutions enable unparalleled observability, continuous monitoring and control over the entire SaaS estate, and are quickly becoming an essential component to addressing SaaS security risk, comprehensively, and at scale.


This SaaS Security Research Brief provides an overview of the current state of SaaS security, its growing importance from an attack surface perspective, and the need for a SaaS-inclusive, risk-based approach to addressing cloud security. The argument hinges on the increasingly significant role SaaS is playing in driving public cloud adoption and its growing importance within the enterprise. It also draws attention to the increasing frequency of SaaS breaches, the limitations of legacy cloud security tooling, and information asymmetries in cyber risk modeling. Finally, it underscores the need for a SaaS Security Posture Management Platform as part of a dedicated SaaS Security Program.

Download the full report for:

Key Takeaways
SaaS Breach Vulnerability
SaaS Data Criticality
SaaS Cyber Risk Prioritization

More Interesting Guides