
Unapproved SaaS Applications Widely Used Under IT’s Radar

A new study shows that non-approved SaaS (software-as-a-service) applications may be more pervasive in the workplace than IT departments realize.


According to the study, which was performed by Frost & Sullivan and sponsored by McAfee, more than 80 percent of the 600 respondents use non-approved SaaS applications in their jobs – and IT employees are the worst offenders. When compared to line-of-business users, IT professionals (83 percent) were slightly more likely than others (81 percent) to use unapproved SaaS applications.

The cloud makes it easy for employees to deploy these applications on their own. Referring to these apps as ‘Shadow IT’, the report urges organizations to abandon the idea of simply restricting the use of SaaS applications and instead focus on finding the balance between security and enablement.

“With over 80 percent of employees admitting to using non-approved SaaS in their jobs, businesses clearly need to protect themselves while still enabling access to applications that help employees be more productive,” said Pat Calhoun, general manager of network security at McAfee, in a statement. “The best approach is to deploy solutions that transparently monitor SaaS applications and other forms of web traffic, and uniformly apply enterprise policies, without restricting employees’ ability to do their jobs better. These not only enable secure access to SaaS applications, but can also encrypt sensitive information, prevent data loss, protect against malware, and enable IT to enforce acceptable usage policies.”

Overall, 35 percent of all SaaS applications used within the enterprise are non-approved. The most popular unapproved app is Microsoft Office 365 (9 percent), followed by Zoho (8 percent), LinkedIn (7 percent) and Facebook (7 percent). Thirty-nine percent of IT respondents use unauthorized SaaS apps because “it allows me to bypass IT processes,” and 18 percent said IT restrictions “make it difficult to do my job.”

The security problem Shadow IT poses, however, is quite real – on average, 15 percent of users have experienced a security, access, or liability event while using SaaS.

“There are risks associated with non-sanctioned SaaS subscriptions infiltrating the corporation, particularly related to security, compliance, and availability,” said Lynda Stadtmueller, program director of the Cloud Computing analysis service within Frost & Sullivan’s Stratecast division, in a statement. “Without appropriate knowledge, non-technical employees may choose SaaS providers or configurations that do not measure up to corporate standards for data protection and encryption. They may not realize that their use of such applications may violate regulations concerning handling and storage of private customer data, leaving the company liable for breaches.”
