HYCU SaaS Resilience Report: Adoption High, Security Gaps Linger

Data protection vendor HYCU recently released the findings of their State of SaaS Resilience in 2024 report. The report is based on survey results from over 400 “decision makers with influence over IT and data protection from France, Germany, Japan, Netherlands, Singapore, the UK, and the US.”

SaaS apps remain popular, but not always fully visible

According to data presented in the report, the average mid-sized enterprise has about 200 SaaS applications utilized throughout daily workflows, nearly all of which access and create sensitive data. However, the leaders surveyed self-reported 10x fewer than that average number of applications, highlighting the growing threat of what is sometimes called shadow IT.

Shadow IT refers to the growing number of technology and tools, including SaaS applications, that are utilized by employees within an organization but are not monitored, maintained, and in some cases even known to be used by IT and other teams. The problem, as noted in the report, with shadow IT is that something cannot be properly protected if it is not known to exist.

This is not a new problem; in fact, Channel Insider was reporting on the increasing sprawl of unknown tech as early as 2015. The problem has only compounded in the years since as adoption has continued to rise.

Reliance on vendor backup and lack of skilled IT present resiliency challenges

The report also shares an alarming truth about how enterprises are approaching backup and recovery planning for their SaaS applications. 41% of all business leaders surveyed reported they were relying on the vendor to provide the backup for their own products, meaning the only layer between runtime and downtime for nearly half of all businesses is coming from the creator of the technology. As the report states, this opens organizations up to the possibility of extended downtime: If the vendor is breached or otherwise inoperable, then not only is the solution itself down, but the backup might not be available either.

A lack of skilled IT talent also continues to hinder security efforts at many enterprises. Almost half (43%) of those surveyed reported they felt a lack of skilled talent was the reason their SaaS technology was not properly secured.

Gaps in awareness, preparation are leaving businesses at risk

All of the above information points to some significant security and recovery issues at the heart of enterprise SaaS adoption and continued use. According to the report, of those surveyed, 42% have implemented reporting capabilities on SaaS protection for regulatory purposes; 43% have recovery plans for SaaS data; and 45% have disaster recovery plans in place. This, of course, means that less than half of the businesses included in the report are fully prepared for not only disaster events but standard regulatory needs and the constant threat of a ransomware attack or breach as well.

Finally, the report also asked the organizations about their capability to restore SaaS tools and data if an event should occur. Perhaps not surprisingly, most have little faith they would be able to complete a restoration within hours, but 71% do feel confident that their data would be restored within a day.

Channel partners step in to help, but need to be aware of enterprise risks

Enterprises of all sizes work with MSPs, VARs, and other channel partners to shore up security, get ahead with emerging technologies, and keep their businesses operating efficiently. However, that doesn’t mean there is anything close to market saturation yet. Of all the businesses surveyed for HYCU’s report, only 19% reported working with an MSP on their continuity strategy.

Further, the report also asserted that many enterprises are not fully aware of the shared responsibility models many vendors include in their contractual agreements. Meaning the organizations might not be fully aware of what falls under their responsibility and liability when there are outages or attacks.

Service providers can approach SaaS adoption and shadow IT as opportunities for new or extended revenue streams and help enterprises improve their resiliency.

Read more about the different sales models MSPs can choose to use in their business and how to choose the best for your goals in our guide to selling.