Jump To Top


40% of SaaS data access is unmanaged and publicly exposed

The Transform Technology Summits start October 13th with Low-Code/No Code: Enabling Enterprise Agility. Register now!

The report revealed that up to 40% of their SaaS data access is unmanaged, which means that anyone with a private or public link can expose the data to thousands of external collaborators whose relevancy is unknown, according to a new report by DoControl.

The report serves as a wake up call for CISOs, CTOs, and CIOs who are currently unaware of the internal and external threats facing their unmanaged data in SaaS applications. Clearly, this poses a significant risk to the organizations that house this data and exponentially increases the likelihood of a data breach. The most surprising takeaway from the report, which is based on aggregated, anonymized US customer data, is that companies are unaware of how much data access is still afforded to former employees, former vendors, and former partners.

On average, a 1,000-person company stores between 500,000 to 10 million assets in SaaS applications, and companies with unmanaged data may be allowing up to 200,000 of these assets to be shared publicly. DoControl aggregated and analyzed the data from the report and sorted the findings into internal and external threats.

In terms of insider threats, an average of 400 encryption keys and 20% of SaaS assets are shared internally to anyone with a link, exposing many employees to data points that they are not authorized to view. In regards to external threats, between 1,000-15,000 external collaborators and 200-3000 third-party companies have access to company assets, and 18% of SaaS application assets that are shared externally remain accessible even after deleting users.

Read the full report by DoControl.


  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more

Source: Read Full Article