
Management & Strategy

Unapproved SaaS Applications Widely Used Under IT’s Radar

A new study shows that non-approved SaaS (software-as-a-service) applications may be more pervasive in the workplace than IT departments realize.

According to the study, which was performed by Frost & Sullivan and sponsored by McAfee, more than 80 percent of the 600 respondents use non-approved SaaS applications in their jobs – and IT employees are the worst offenders. When compared to line-of-business users, IT professionals (83 percent) were slightly more likely than others (81 percent) to use unapproved SaaS applications.

The cloud makes it easy for employees to deploy these applications on their own. Referring to these apps as ‘Shadow IT’, the report urges organizations to abandon the idea of simply restricting the use of SaaS applications and instead focus on finding the balance between security and enablement.

“With over 80 percent of employees admitting to using non-approved SaaS in their jobs, businesses clearly need to protect themselves while still enabling access to applications that help employees be more productive,” said Pat Calhoun, general manager of network security at McAfee, in a statement. “The best approach is to deploy solutions that transparently monitor SaaS applications and other forms of web traffic, and uniformly apply enterprise policies, without restricting employees’ ability to do their jobs better. These not only enable secure access to SaaS applications, but can also encrypt sensitive information, prevent data loss, protect against malware, and enable IT to enforce acceptable usage policies.”

Overall, 35 percent of all SaaS applications used within the enterprise are non-approved. The most popular unapproved app is Microsoft Office 365 (9 percent), followed by Zoho (8 percent), LinkedIn (7 percent) and Facebook (7 percent). Thirty-nine percent of IT respondents use unauthorized SaaS apps because “it allows me to bypass IT processes,” and 18 percent said IT restrictions “make it difficult to do my job.”

The security problem Shadow IT poses, however, is quite real – on average, 15 percent of users have experienced a security, access, or liability event while using SaaS.

“There are risks associated with non-sanctioned SaaS subscriptions infiltrating the corporation, particularly related to security, compliance, and availability,” said Lynda Stadtmueller, program director of the Cloud Computing analysis service within Frost & Sullivan’s Stratecast division, in a statement. “Without appropriate knowledge, non-technical employees may choose SaaS providers or configurations that do not measure up to corporate standards for data protection and encryption. They may not realize that their use of such applications may violate regulations concerning handling and storage of private customer data, leaving the company liable for breaches.”

Written By

Marketing professional with a background in journalism and a focus on IT security.
