行业研究公司研究宏观策略财报招股书会议纪要海南封关低空经济 DeepSeek AIGC 大模型

2025年SaaS安全现状调查报告

信息技术2025-04-22CSA GCR程***

AI智能总结

核心观点与关键数据

SaaS安全优先级提升：86%的组织将SaaS安全列为高优先级，76%增加预算，79%对现有方案有信心。重点领域包括威胁检测（50%）、安全态势管理（47%）和应用程序发现（31%）。
敏感数据面临风险：63%存在外部数据过度共享，56%将敏感数据上传至非授权应用。41%未有效执行最小权限访问策略，56%担忧第三方和AI工具的过度授权API访问。
去中心化采用与管理：55%员工未经安全部门批准采用SaaS，57%报告管理分散。44%在非IT/安全部门管理SaaS时面临挑战，41%指出与业务部门协作是主要障碍。
身份管理挑战：58%难以执行权限管理，54%缺乏身份生命周期管理自动化，56%存在非人类身份（NHI）监控难题，46%报告NHI权限管理困难。
盲点与策略不足：46%难以监控NHI，56%担忧过度授权API访问。69%依赖供应商原生工具，43%依赖通用解决方案（如CASB），46%依赖手动审计。79%的组织对现有方案有信心，但策略常碎片化、被动。

研究结论

尽管SaaS安全优先级提升，但核心挑战（可见性、身份、治理）依然存在，需要更统一、专业的解决方案。
数据过度共享、访问控制薄弱、去中心化采用、身份管理不力、NHI与集成管理缺失，共同构成安全风险。
当前工具和策略（如手动审计、供应商原生工具、通用解决方案）无法满足全面安全需求，导致策略碎片化、反应式。
组织需转向更集成、主动的策略，涵盖发现、态势管理、威胁检测、身份安全和修复能力，以应对日益复杂的SaaS环境。

© 2025 Cloud Security Alliance – All Rights Reserved. You may download, store, display on yourcomputer, view, print, and link to the Cloud Security Alliance athttps://cloudsecurityalliance.orgsubject to the following: (a) the draft may be used solely for your personal, informational, non-commercial use; (b) the draft may not be modified or altered in any way; (c) the draft may not beredistributed; and (d) the trademark, copyright or other notices may not be removed. You may quoteportions of the draft as permitted by the Fair Use provisions of the United States Copyright Act,provided that you attribute the portions to the Cloud Security Alliance. Acknowledgments Lead Author Hillary Baron Contributors Marina BregkouJosh BukerRyan GiffordAlex KaluzaJohn Yeoh Graphic Design Claire LehnertStephen Lumpe About the Sponsor Valence finds and fixes SaaS risks. The Valence platform discovers, protects, and defendsSaaS applications by monitoring shadow IT, misconfigurations, and identity activities throughunparalleled SaaS discovery, SSPM, and ITDR capabilities. Recent high-profile breaches highlighthow decentralized SaaS adoption creates significant security challenges. With Valence, securityteams can control SaaS sprawl, protect their data, and detect suspicious activities from human andnon-human identities. Valence goes beyond visibility by enabling security teams to remediate risksthrough one-click remediation, automated workflows, and business user collaboration. Trusted byleading organizations, Valence ensures secure SaaS adoption while mitigating today’s most criticalSaaS security risks. https://www.valencesecurity.com Table of Contents Acknowledgments...............................................................................................................................3Lead Author...................................................................................................................................3Contributors..................................................................................................................................3Graphic Design..............................................................................................................................3About the Sponsor........................................................................................................................3Executive Summary.............................................................................................................................5Key Findings........................................................................................................................................6SaaS Security Is a Growing Priority as Organizations Ramp Up Investment..................................6Sensitive Data in SaaS Is at Risk Due to Poor Visibility and Weak Access Controls........................8The Rise (and Risks) of Decentralized SaaS Adoption and Management........................................9Human Identity Management in SaaS Remains a Persistent and Expanding Security Challenge..11Non-Human Identities & SaaS-to-SaaS Integrations Are an Expanding Security Blind Spot.........13Overconfidence in Current SaaS Security Strategy Masks Gaps..................................................14Conclusion: SaaS Security Is a Work in Progress................................................................................17Full Survey Results.............................................................................................................................18Overview.....................................................................................................................................18SaaS Security Program.................................................................................................................19Priorities and Challenges.............................................................................................................21SaaS Discovery............................................................................................................................23SaaS Security Incidents................................................................................................................24SaaS Detection and Response.....................................................................................................26Demographics...................................................................................................................................27Survey Methodology and Creation....................................................................................................28Goals of the Study.......................................................................................................................28 Executive Summary Software-as-a-Service (SaaS) applications have become foundational to business operations, andorganizations are responding with greater investment and attention. Yet, the 2025

点击免费查看完整报告

你可能感兴趣

2025年SaaS安全现状调查报告

核心观点与关键数据

研究结论

你可能感兴趣

saas安全现状调查报告

2024年度SaaS安全调查报告

2022 年 SaaS 安全调查报告

2022 SaaS 安全调查报告

2022年SaaS安全调查报告