Report cover image

Security Baselining SaaS and PaaS: An Overlooked Necessity

Publisher IDC
Published Mar 31, 2026
Length 10 Pages
SKU # IDC21057302

Description

This IDC Perspective describes common breach scenarios that can be mitigated by SaaS platform hardening along with recovery steps. Addressing this risk robustly relies on sound governance and hardening based on risk. We cover the security program foundations needed to make these efforts successful and outline a tactical approach to hardening individual systems. Third-party SaaS platforms often ship with permissive configurations that favor ease of adoption over security. Organizations that fail to assess the security capabilities of these platforms and harden them appropriately prior to deployment may inadvertently expose themselves to compromise by malicious actors or personnel who accidentally mishandle sensitive data."SaaS platforms are a significant and growing attack surface for organizations that require a thoughtful approach to harden consistently," says Joel Sandin, adjunct research advisor for IDC's IT Executive Programs (IEP). "Central IT infrastructure and management tools can help, but the ultimate success of these efforts rests on sound governance and risk-informed review and configuration."

Table of Contents

10 Pages

Executive Snapshot

Key takeaways

Recommended actions

Situation Overview

Motivating examples

Example 1: Permissive defaults, weak identity, and access management guardrails

Example 2: Audit trail and log retention issues, dangerous features, inadvertent exposure of sensitive data

Example 3: Third-party integration risks, lack of API hardening, and overprivileged access issues

Advice for the Technology Buyer

Risk drives baseline requirements and implementation

Approach outline

Capture risk, in particular platform risk, as part of vendor security assessments

Assess platform capabilities and integration points for centralized baseline enforcement

Develop a hardening plan based on risk and risk tolerance

Implement baselines and plan for ongoing compliance assessment

Limit exposure and reduce attack surface

Control identity and access

Prepare for failure

Plan for ongoing posture assessment and management

Learn More

Related research

Synopsis

Search Inside Report

Pricing

Currency Rates
How Do Licenses Work?

How Do Licenses Work?

The primary function of a report license is to define how many people within a company are authorized to use the purchased report. This is separate to how a report might be delivered. Unless specifically identified otherwise, the purchase option is Single User. Below is a helpful description of that license, along with a sampling of others most commonly offered.

  • This license allows only one user to have access to and to use/read the report. It is not one user at a time or one user group; it is an individual who will be reading and utilizing the report.

  • This license allows for the entire purchasing company to read and use the report. This is the license level that would allow for a report to be placed on an internal company shared drive for access by all employees of that direct company. This license does not extend to parent or sister company use.

  • This license is designed to allow an entire department within a company full access to a report. The departmental license is a great option for companies that have more than one location and the department is spread out all over the country/world

  • This license is for companies that have one location where they want the report to be accessible by all employees within that physical location.

  • This is the most flexible of the licensing options. Some publishers will allow you to get a license for a preset number of people (typically 5). These licenses are ideal for small work groups.

License options are at the discretion of each publisher. As such, not all licenses indicated above are available for every product. If you are uncertain of the best license for your needs or would like a license that is not proactively available, please contact us and we will be happy to assist.

Request A Sample
Head shot

Questions or Comments?

Our team has the ability to search within reports to verify it suits your needs. We can also help maximize your budget by finding sections of reports you can purchase.
Chat Now
Contact Us