Is something dangerous lurking in the shadows of your organization? That’s the question we sought to answer by commissioning Stratecast to research the use of unauthorized Software-as-a-Service (SaaS) applications in the workplace. The findings revealed that widespread risk for companies is originating from the use of unauthorized apps within the workplace. According to the study, more than 80% of employees surveyed have used non-approved SaaS applications — also known as “Shadow IT”— a habit that brings with it some serious security implications for CIOs and business executives.
The SaaS model, in which the software vendor is responsible for hosting and maintaining “cloud” applications, offers many benefits for both corporate and consumer users: SaaS applications are generally easier to access and maintain, less expensive, and more easily deployed than traditional licensed software. SaaS applications have become popular for precisely these reasons, but when used in the workplace without IT approval, new vulnerabilities are introduced that many organizations have not anticipated or taken measures to address.
The number one security concern pertaining to the use of non-approved applications in the workplace is the unauthorized access to company data. Other prominent risks include compromised account information, corporate reputation taking a hit due to security or access issues, and data getting lost or deleted by a cloud provider. All valid concerns, as it was discovered that 15% of users have experienced such liability, access, or security events while using unapproved SaaS applications.
In fact, the study uncovered a number of illuminating discoveries, including:
- IT professionals are the worst offenders of Shadow IT (83% of IT professionals vs. just 81% of employees have used unapproved SaaS apps)
- Microsoft Office 365 is the top unapproved SaaS application (9% of respondents), followed closely by Zoho (8%), LinkedIn (7%) and Facebook (7%).
- 39% of IT respondents say they use unauthorized SaaS apps because, “it allows [them] to bypass IT processes,” while 18% agreed that IT restrictions “make it difficult to do [their] job.”
More surprising than any of the above discoveries, perhaps, is the fact that many employees recognize the risks associated with using non-approved SaaS apps, yet they continue to do so. Shadow IT is a real problem for organizations of all sizes, and rather than attempting to ban outside application use, a conversation must be had to determine how to best protect your business while allowing employees the freedom to make safe choices.
Do you know the security implications of Shadow IT for your organization? Are employees putting your corporate data at risk? What kind of policy should be implemented for businesses that use SaaS apps? And, without visibility into who can access Shadow IT applications, is there an increased chance that someone will steal your data?
These are just a few of the questions we will be discussing in our upcoming #SecChat on “The Security Impact of Shadow IT.”
On December 12th at 11 am PT we will be hosting an hour-long Twitter chat where we will discuss with security experts the various internal implications of Shadow IT. McAfee Senior Director of Network Security Product Management, Graham Clarke, will be joining the conversation and we hope that you will too. Bring your questions, personal experiences, and best practices for dealing with Shadow IT, and when it comes time for our chat, please follow the steps below to participate:
- Sign into your Twitter account at http://www.twitter.com
- Search for the #SecChat hashtag (using Twitter, or a Twitter client like Twubs.com) and watch the real-time stream.
- Follow @McAfeeBusiness. We’ll get the conversation started by posing a few questions to participants.
- Tweet your reactions, questions, and replies to the chat, making sure to tag all your tweets with the #SecChat hashtag along the way!
- Direct questions around #SecChat to @McAfeeBusiness on Twitter.
Don’t forget to mark your calendars, RSVP to our Twtvite and make sure you check out the full list of findings from Stratecast’s research on Shadow IT. We look forward to seeing you in the stream!