2023 SaaS security predictions

The use of SaaS has ballooned in response to the demands of modern work and the hyperspecialization of business. Additionally, location changes have also changed how employees communicate with colleagues and customers, giving rise to a host of new collaboration and platform tools—all of which are ultimately controlled by a SaaS solution (or two or three or more).

And these trends show no sign of slowing down. Gartner forecasts $176.6 billion in SaaS spending in 2022. With all of this in mind, let us take a closer look at predictions for SaaS in 2023.

SaaS For Vertical Industries

For over a decade, SaaS solutions have been masterful generalists. However, with the continuous specialization of SaaS, it was inevitable that SaaS would become more industry-vertical specific, enabling organizations to adopt SaaS uniquely designed for their needs, as we see with electronic health records within the healthcare sector. Although many industry-cloud (vertical SaaS) solutions have existed for years, I expect this to grow substantially, accounting for a significant portion of the overall $170-plus billion SaaS spend.

Decoupling And Unbundling

Often, SaaS is delivered in bundled form—pairing various capabilities into discrete packages, usually characterized by giving users more features in higher tiers (and higher prices). In recent years, SaaS providers started to realize this challenge and have adapted pricing and packaging models for customers to be more selective on which features they find valuable. This approach to mixing and matching SaaS features leads many SaaS providers to unbundle packages.

With nearly half (47%) of organizations citing vendor lock-in as a challenge to SaaS adoption, I expect this trend to continue, especially in the wake of financial and economic downturns—a time when SaaS providers, funded so often by venture capital, will become increasingly flexible to retain and attract new customers with personalized value-based feature sets, pricing and packaging.

The Rise Of Micro-SaaS

While maintaining market share can motivate SaaS vendors to unbundle packages, the rise of micro-SaaS is mostly driven by the need to survive. Many SaaS providers have not established themselves in the market and rely on niche SaaS, such as add-ons and pairings with larger, more strategic SaaS solutions. Just think of all the app stores for Salesforce, Workday and ServiceNow, and browser extensions seemingly outnumbering the sands of the Sahara.

As of 2021, there were over 175,000 extensions (including themes) available for installation from the Chrome Web Store, and only 45 of these were developed and supported by Google. The specialization of these micro-SaaS solutions is evident by the lopsided ratio of micro-SaaS to users—with 70% of Chrome extensions having fewer than 100 users and only 8% of extensions having more than 1,000 users worldwide.

I predict more growth for micro-SaaS, fueled by a business culture embracing modern work and user choice—and consequently, a renewed interest in the SaaS layer within an overall cloud security strategy.

SaaS Security Driving Cloud Security

Cloud security is a top priority for nearly every organization, driven by the expectation of modern work and SaaS solutions enabling business-led IT strategies. Naturally, most security programs are primarily focused on infrastructure as a service (IaaS), principally because of the underlying foundation IaaS provides for everything else: storage, computing, transmission, operating systems and so on.

However, when we think of cloud security as a whole, we find the SaaS layer is four to five times greater than IaaS, according to Cisco. And what is more, access to IaaS systems and controls, like cloud security posture management and cloud workload protection platforms, are SaaS solutions. Much of this unchecked activity is the result of the other trends and predictions we see with unbundling, industry-cloud SaaS and the meteoric rise of micro-SaaS.

Cloud computing has always consisted of three service layers—IaaS, PaaS and SaaS. I predict SaaS security objectives to be included in more cloud security strategies, programs and focus.

Skyrocketing Consumption-Based Models

The very nature of cloud computing is designed for cost savings. Consumption-based pricing models, flexible packages, control over resource utilization and removing the administrative and management burden of on-premises deployments are just some of the ways the cloud delivers real cost savings. Whether sourced by IT and technical teams or directly by the business, I predict an increase in consumption-based models and the subsequent growth of the overall SaaS layer and its composition.

The growth of consumption-based models anticipates a rise in abandoned SaaS solutions throughout the SaaS layer. Because without entitlement to features or commitment to packages, consumption models allow users to utilize SaaS “on-demand,” pay for the SaaS used at the moment and never return again. These kinds of ethereal, transient SaaS solutions are the chief culprit of accumulated SaaS risk in the form of duplicate credentials, dangling access, zombie accounts and overly permissive authorization.

Conclusion

By 2030, KPMG estimates that 80% of the overall SaaS layer will consist of SaaS solutions operated outside the direct control of IT teams, not to mention out of sight for most security and risk controls.

The SaaS layer is asymmetric, asynchronous and amorphous. To secure it, we need an architectural shift, one built on the principle of secure SaaS outcomes rather than SaaS ownership, facilitating analysis and intelligence captured by observing how SaaS-user relationships work and implementing the right controls tailored to each organization’s SaaS security objectives.

‍

‍This article originally ran in Forbes, an American business magazine that features articles on finance, industry, investing, and marketing topics.

‍

To learn more about Grip or get a demo of its award-winning SaaS Security Control Plane, contact us.