SaaS has a big identity problem
With more guest access than licensed users, firms are being compromised through the trusted identities and collaboration tools they rely on every day
Unmanaged SaaS guest accounts are creating massive security liabilities for small and mid-sized businesses, new research has shown.
According to Kaseya’s 2026 SaaS Security Report, 69% of SaaS accounts have more guest access than licensed users, with persistent third-party access and externally shared data leaving small and mid-sized businesses open to attack.
Gaps in multi-factor authentication (MFA), OAuth sprawl, and external file sharing are widening the SMB attack surface, the study noted. Indeed, threat actors are now abandoning perimeter attacks in favor of softer targets like identities, OAuth integrations, and collaboration workflows.
This, Kaseya noted, leaves a trust gap most small and mid-sized businesses can't even see, let alone close.
“Today’s AI-emboldened threat actors see one interconnected attack environment, whereas most organizations defend their infrastructure in pieces,” said Jim Lippie, chief product officer at Kaseya.
“The most resilient organizations will be those that embrace continuous monitoring, identity governance, and automated response as foundational requirements.”
AI scramble has caused OAuth chaos
The rush to adopt AI has led to a sprawl of third-party OAuth integrations that use persistent tokens instead of credentials, which risks granting attackers permanent data access even after password resets.
As a result, non-human service principal logins now account for one-fifth of critical security alerts.
At the same time, attackers are using AI-driven automation to instantly locate and exploit dormant guest accounts, moving faster than manual defenses can respond.
Legacy controls like geolocation blocks are also failing to help, as attackers route traffic through trusted cloud hosts and VPNs.
Outside North America, Kaseya found nearly half (44%) of unauthorized logins originated from trusted infrastructure and outsourced hubs.
India accounts for 14%, the Philippines 10%, Germany 7%, the UK 7% and the Netherlands 6%.
Hackers are exploiting SaaS identity gaps
Once inside, attackers are able to exploit massive identity gaps, with 56% of accounts lacking active MFA and only 27% of SMBs enforcing it across the organization.
Meanwhile, researchers found data leakage is through the roof in productivity environments. In Microsoft 365, 45% of all shared files were sent outside the organization.
Companies are also failing to keep up with severe alerts. Last year, while 98.9% of security events monitored by SaaS Alerts were classified as low severity, organizations still faced more than 278 million medium- and critical-severity alerts requiring investigation.
Kaseya recommends transitioning from rigid perimeter defenses to active, identity-first governance frameworks.
"Bridging the modern trust gap requires businesses to move away from static event tracking and instead prioritize automated behavioral monitoring that can flag anomalous activity inside trusted accounts," the company said.
"By aggressively consolidating security stacks, enforcing organization-wide MFA and continuously auditing machine identities and external sharing permissions, SMBs can eliminate critical visibility silos and systematically neutralize attacker persistence before a breach occurs."
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.