Unapproved SaaS Applications Widely Used Under IT’s Radar

A new study shows that non-approved SaaS (software-as-a-service) applications may be more pervasive in the workplace than IT departments realize.

According to the study, which was performed by Frost & Sullivan and sponsored by McAfee, more than 80 percent of the 600 respondents use non-approved SaaS applications in their jobs – and IT employees are the worst offenders. When compared to line-of-business users, IT professionals (83 percent) were slightly more likely than others (81 percent) to use unapproved SaaS applications.

The cloud makes it easy for employees to deploy these applications on their own. Referring to these apps as ‘Shadow IT’, the report urges organizations to abandon the idea of simply restricting the use of SaaS applications and instead focus on finding the balance between security and enablement.

“With over 80 percent of employees admitting to using non-approved SaaS in their jobs, businesses clearly need to protect themselves while still enabling access to applications that help employees be more productive,” said Pat Calhoun, general manager of network security at McAfee, in a statement. “The best approach is to deploy solutions that transparently monitor SaaS applications and other forms of web traffic, and uniformly apply enterprise policies, without restricting employees’ ability to do their jobs better. These not only enable secure access to SaaS applications, but can also encrypt sensitive information, prevent data loss, protect against malware, and enable IT to enforce acceptable usage policies.”

Overall, 35 percent of all SaaS applications used within the enterprise are non-approved. The most popular unapproved app is Microsoft Office 365 (9 percent), followed by Zoho (8 percent), LinkedIn (7 percent) and Facebook (7 percent). Thirty-nine percent of IT respondents use unauthorized SaaS apps because “it allows me to bypass IT processes,” and 18 percent said IT restrictions “make it difficult to do my job.”

The security problem Shadow IT poses, however, is quite real – on average, 15 percent of users have experienced a security, access, or liability event while using SaaS.

“There are risks associated with non-sanctioned SaaS subscriptions infiltrating the corporation, particularly related to security, compliance, and availability,” said Lynda Stadtmueller, program director of the Cloud Computing analysis service within Frost & Sullivan’s Stratecast division, in a statement. “Without appropriate knowledge, non-technical employees may choose SaaS providers or configurations that do not measure up to corporate standards for data protection and encryption. They may not realize that their use of such applications may violate regulations concerning handling and storage of private customer data, leaving the company liable for breaches.”
