60% of IT Leaders Plan to Retire SaaS Apps Over Security Concerns

Archive360 Survey Reveals Inherent Concerns with Current State of SaaS Cloud Security, Data Access, Control, and Privacy

NEW YORK, December 11, 2019 -- Archive360®, the archiving and information management platform trusted by enterprises and government agencies worldwide, today announced the findings of a survey examining the current security protocols among SaaS vendors. The research, completed by Pulse Q&A, surveyed more than 100 enterprise IT executives worldwide, to identify the leading security challenges they face with their SaaS vendors. Their responses revealed widespread concerns with lax security protocols and accountability, proprietary data encryption and loss of independent control due to access limitations.

Overall, those surveyed said they are troubled by the current level of security and accountability provided by their SaaS vendors. Nearly two-thirds are so concerned that they intend to retire applications that do not provide the level of security control they want.

Further, nearly all executives surveyed stressed the importance of maintaining ownership of their own encryption keys. Yet in third-party SaaS private cloud deployments, the SaaS vendor (not the enterprise) maintains access to and ownership over encryption keys. In fact, only 26 percent of those surveyed stated that they have control of their encryption keys, and 74 percent stated that control is maintained entirely by their SaaS vendors. This risk is compounded by the fact that many vendors often use the same encryption keys for multiple customers. When companies unlock data for one customer using keys that also protect other customers’ archives, they are exposing other tenants’ data to potential risk.

As one Director of IT at a large U.S.-based manufacturing company commented, “I’ve seen too many strong companies go out of business, and have also audited our vendors and seen great vendors fall out of compliance. Having them in control is just one more additive risk.”

When asked about their top worries when it comes to encryption key ownership and access, IT executives listed the following:

• “Loss of independent control of data security.”
• “Concern of my privacy.”
• “Past history of compromises.”
• “Trust for data breach and confidentiality of data.”
• “Potential conflict with my company’s standards.”
• “Without internal controls, you do not know where the information goes.”

“In light of the widespread threats of increasingly sophisticated malicious cyber groups, and corporate risk relating to global data privacy laws, IT teams are under immense pressure to plug any holes in their security practices and mitigate all vulnerabilities,” said Tibi Popp, Co-Founder, and CTO, Archive360. “The positive news is that our survey shows that IT executives not only understand the importance of security as it relates to today’s SaaS applications, but that they are taking swift and necessary steps to protect their enterprises by retiring these applications as quickly as possible.”

Additional findings from the survey include:

• Nearly all executives surveyed (92 percent) believe they will require SaaS vendors to provide more tailored and flexible security options in the future.
• Only 19 percent of respondents said 75 percent or more or more of their SaaS vendors meet all of their security requirements.
• Seventy percent of companies said they have made at least one security exception for a SaaS vendor. 

This survey was conducted by Pulse Q&A.  Participants were IT executives at enterprises based in North America, EMEA, and APAC. For more information, download the infographic “Security Requirements for SaaS Vendors.”

About Archive360

Archive360 is the enterprise information archiving company that businesses and government agencies worldwide trust to securely migrate their digital data to the cloud, and responsibly manage it for today’s regulatory, legal and business intelligence obligations. This is accomplished by applying context around the search, classification, and indexing of data including files, videos, and emails—all while allowing organizations to maintain full control over privacy, access, and compliance. Archive360 is a global organization that delivers its solutions both directly and through a worldwide network of partners. Archive360 is a Microsoft Cloud Solution Provider, and the Archive2AzureTM solution is Microsoft Azure Certified. To learn more, please visit www.archive360.com.