SaaS Security Posture

SaaS applications are the darlings of the software world. They enable work from anywhere, facilitate collaboration, and offer a cost-effective alternative to owning the software outright. At the same time, the very features that make SaaS apps so embraced – access from anywhere and collaboration – can also be exploited by threat actors.

Recently, Adaptive Shield commissioned a Total Economic Impact™ (TEI) study conducted by Forrester Consulting. The study demonstrates the impactful ROI achieved by a multimedia company with an annual revenue of $10 billion. While the quantitative ROI is significant, at 201%, the qualitative security ROI improvements were substantial.

Adaptive Shield
Figure 1: Summary of the TEI Study


In this article, we'll examine the study's findings of how Adaptive Shield's SaaS Security Posture Management (SSPM) platform impacted this global enterprise.

Learn how a $10B media firm dramatically improved their security posture with SSPM

The Organization's Top SaaS Challenges

In interviews with Forrester Consulting, the organization being studied pointed out several key challenges that were facing in their SaaS stack leading up to 2022.

  1. The organization acknowledged that they lacked the knowledge and skill to manage the applications. They didn't understand many of the unique configurations or the impact they had on security or compliance, which left them unaware of the risks or mitigations that needed to happen.
  2. The organization had experienced an increase in SaaS adoption across IT, HR, sales, marketing, and other departments. They recognized that sensitive assets and valuable data were moving into SaaS applications and being spread out in a way that the security team could no longer supervise all its comings and goings. In addition, they needed to foster collaboration between the app owners, who control the applications, and security teams that are tasked with securing them.
  3. They were also dealing with increased complexity caused by their Merger & Acquisition (M&A) activity. Each M&A increased the number of applications that they needed to manage, many of which were geographically-distributed tenants that could not be easily combined with existing tenants of the app.

The organization began looking for a solution that could alleviate the SaaS misconfigurations that they were dealing with at scale. They needed a platform that would integrate with multiple business applications, mitigate communication issues between the app owners and security teams, and help them maintain regulatory compliance in their SaaS stack.

They were impressed with Adaptive Shield's platform which not only demonstrated the widest coverage of supported applications but also found configuration issues during the proof of concept phase. In 2022, Adaptive Shield was selected and deployed to secure the organization's stack.

Security Benefits Adaptive Shield Introduced to the Organization

Forrester Consulting found that Adaptive Shield enabled the security team to "gain complete control and increased visibility of the security posture of all business-critical applications."

Increased SaaS Security Posture

The security team had dealt with six security issues stemming from misconfigurations and low-security posture in the past. However, the organization saw posture improvements beginning with the POC. They "realized substantial improvement in its security posture score through visibility, remediation guidance, and ongoing monitoring" while experiencing a 30% increase in posture.

Improved Collaboration

Forrester Consulting also found evidence of increased collaboration between security teams and app owners. They noted that business owners are critical players in securing applications, as they have "the key to the kingdom," but they lacked the security expertise needed to secure their ecosystem. Deploying Adaptive Shield helped bridge that gap and foster collaboration between the app owners and security teams.

Many Other Security Benefits

While some security benefits were quantifiable by the Forrester Consulting team, they were unable to place a dollar value on everything offered by Adaptive Shield. For example, Forrester Consulting found that the automated processes within the Adaptive Shield platform allowed security teams to focus on security management rather than conduct interviews with app owners about their configurations. It also helped the organization overcome challenges introduced by the democratization of SaaS security. It helped the organization achieve continuous compliance, avoiding any interruptions to business operations, and staying ahead of any SaaS security trends.

Find out how an SSPM can deliver impressive ROI and security benefits

Why Economic Benefits Indicated a 201% ROI

The Total Economic Impact™ study measured the return on investment experienced by the organization that was interviewed. To quantify these findings, Forrester Consulting first calculated the value of an improved SaaS Security posture. They factored in the number of breaches that had taken place before Adaptive Shield was deployed and projected the number of breaches over three years. Their calculations included diminished productivity, impacted business and security users, and salary data. Their three-year present value estimate of an improved SaaS Security posture was $1.49M.

Adaptive Shield
Figure 2: Breakdown of ROI by Category


Next, Forrester Consulting reviewed operational efficiency achieved through the Adaptive Shield's SSPM platform. They factored in the number of applications being monitored, hourly wages, and the cost of securing SaaS applications with and without an automated solution. Their estimated three-year present value of savings was $397K.

Forrester Consulting then turned its attention to compliance. They calculated improvements in efficiency based on the time it takes organizations to review their applications and ensure compliance with the different standards. Their three-year present value was worth $260K.

Improved collaboration between security teams and business app owners added another 32K in savings over three years at present value. While the study noted other areas of ROI, it wasn't able to quantify them.

The total benefits over three years (at present value) totaled $2.18M. The total licensing and deployment costs over those three years, at present value, was $723,866. Payback was reached in less than six months, and the ROI over the three-year time frame was 201%.

A Push Toward SaaS Security

Today, organizations are increasing the volume and value of data stored in the cloud. Modern SaaS apps contain highly sensitive data, including PII, intellectual property, and third-party confidential information. Protecting this data is paramount, and the only realistic way to secure it is through a SaaS Security Posture Management (SSPM) tool.

Organizations understand the need to secure their SaaS stack. At the same time, they need to justify the cost of adding new security tools. By demonstrating significant, measurable ROI, organizations can finally make the case for implementing an SSPM solution.

For the full TEI study, click here.

Note: This article has been expertly written by Maor Bin, CEO and co-founder of Adaptive Shield.


Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter and LinkedIn to read more exclusive content we post.