Virtualization Technology News and Information
Archive360 2020 Predictions: Enterprise IT execs to retire SaaS apps because of security fears

VMblog Predictions 2020 

Industry executives and experts share their predictions for 2020.  Read them in this 12th annual series exclusive.

By Tibi Popp, CTO, Archive360

Enterprise IT execs to retire SaaS apps because of security fears

Security incidents are happening every day-including more than 2,000 major confirmed data breaches in 2018-and successful attacks on cloud-based email systems have risen sharply. Companies of all sizes are already paying huge fines from E.U. regulators and facing expensive litigation from data-subjects for GDPR violations. All while companies are working to figure out how to comply with the new California Consumer Privacy Act (CCPA). In light of the widespread threats of increasingly sophisticated malicious cyber groups, and corporate risk relating to global data privacy laws, IT departments must understand the numerous vulnerabilities inherent in third-party SaaS private cloud archiving platforms. As more breaches of SaaS platforms occur (i.e., the Capital One breach of 2019), many organizations will reevaluate their cloud choices.

To shed light on the current state of security capabilities among SaaS email archiving vendors, and IT's feelings on the matter, Archive360 conducted a study of 100 IT executives in enterprises based in North America, EMEA, and APAC. The survey found that only 19 percent of respondents said 75 percent or more of their SaaS vendors meet all of their security requirements. 

This research also showed that nearly two-thirds of organizations are so troubled by these issues that they intend to retire applications that do not provide the level of independent security control they want. 

Further, nearly all executives surveyed stressed the importance of maintaining ownership of their own encryption keys. Yet in third-party SaaS private cloud deployments, the SaaS vendor (not the enterprise) maintains access to and ownership over encryption keys. In fact, only 26 percent of those surveyed stated they have control of their encryption keys, and 74 percent stated that control is maintained entirely by their SaaS vendors. This risk is compounded by the fact that many vendors often use the same encryption keys for multiple customers. When companies unlock data for one customer using keys that also protect other customers' archives, they are exposing other tenants' data to potential risk. 

As one director of IT at a large U.S.-based manufacturing company commented, "I've seen too many strong companies go out of business, and have also audited our vendors and seen great vendors fall out of compliance. Having them in control is just one more additive risk."

A vice president of IT at a U.S.-based arts, entertainment, and recreation company stated, "I am uncomfortable with SaaS providers maintaining control because it creates an opportunity for exploitation by subcontracted vendors."

Looking at this data, I expect we'll see a significant shakeout emerge in the SaaS industry in the coming year. As enterprises face increasingly stringent privacy regulations, comply with new privacy regulations like CCPA, apply more necessary security controls, and optimize their digital transformation projects, SaaS vendors will find themselves under scrutiny. The impact will be greater than just security related: think of all those digital transformation projects that rely on SaaS vendors. 


About the Author

Tibi Popp 

Tibi Popp has more than 20 years of experience with enterprise-level email and document messaging systems, archiving, and compliance. As Chief Technology Officer at Archive360, Inc, I envision the next generation big data migration and compliance archive platform using machine learning, AI and cognitive services. Tibi speaks four languages fluently.

Published Wednesday, January 29, 2020 6:17 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<January 2020>