Who Owns SaaS Identity Risk Management, Anyway?
Security Boulevard, Wednesday, October 23rd, 2024
The current state of SaaS security is sometimes like a game of hot potato-everyone knows it's critical, yet no one wants to hold onto the responsibility long enough to claim ownership. SaaS apps are multiplying at a rate that IT and security teams can barely keep pace with.
Meanwhile, identity and access management (IAM) teams focus on identity governance of known applications, not the hundreds (or thousands) of shadow SaaS applications organizations use.
The irony is glaring: SaaS is now an essential business enabler, yet securing it is treated like an afterthought. Businesses expect IT departments to manage every app, but in reality, IT teams are overwhelmed. Shadow IT, driven by individual teams and departments who choose convenience over compliance, only adds to the chaos. And shadow AI is throwing another wrench into the mix-how do you govern access and usage of AI-powered SaaS tools when you don't even know which ones your teams are using?