A new study shows that non-approved SaaS (software-as-a-service) applications may be more pervasive in the workplace than IT departments realize.
According to the study, which was performed by Frost & Sullivan and sponsored by McAfee, more than 80 percent of the 600 respondents use non-approved SaaS applications in their jobs – and IT employees are the worst offenders. When compared to line-of-business users, IT professionals (83 percent) were slightly more likely than others (81 percent) to use unapproved SaaS applications.
The cloud makes it easy for employees to deploy these applications on their own. Referring to these apps as ‘Shadow IT’, the report urges organizations to abandon the idea of simply restricting the use of SaaS applications and instead focus on finding the balance between security and enablement.
“With over 80 percent of employees admitting to using non-approved SaaS in their jobs, businesses clearly need to protect themselves while still enabling access to applications that help employees be more productive,” said Pat Calhoun, general manager of network security at McAfee, in a statement. “The best approach is to deploy solutions that transparently monitor SaaS applications and other forms of web traffic, and uniformly apply enterprise policies, without restricting employees’ ability to do their jobs better. These not only enable secure access to SaaS applications, but can also encrypt sensitive information, prevent data loss, protect against malware, and enable IT to enforce acceptable usage policies.”
Overall, 35 percent of all SaaS applications used within the enterprise are non-approved. The most popular unapproved app is Microsoft Office 365 (9 percent), followed by Zoho (8 percent), LinkedIn (7 percent) and Facebook (7 percent). Thirty-nine percent of IT respondents use unauthorized SaaS apps because “it allows me to bypass IT processes,” and 18 percent said IT restrictions “make it difficult to do my job.”
The security problem Shadow IT poses, however, is quite real – on average, 15 percent of users have experienced a security, access, or liability event while using SaaS.
“There are risks associated with non-sanctioned SaaS subscriptions infiltrating the corporation, particularly related to security, compliance, and availability,” said Lynda Stadtmueller, program director of the Cloud Computing analysis service within Frost & Sullivan’s Stratecast division, in a statement. “Without appropriate knowledge, non-technical employees may choose SaaS providers or configurations that do not measure up to corporate standards for data protection and encryption. They may not realize that their use of such applications may violate regulations concerning handling and storage of private customer data, leaving the company liable for breaches.”
