14 DAY TRIAL // McAfee has published a new study on the use of unauthorized Software-as-a-Service (SaaS) applications, also known as “Shadow IT,” in the workplace.
The figures show that 80% of those who have taken part in the survey (conducted by Stratecast) admit using solutions that haven’t been approved by their IT departments. In fact, 35% of all the SaaS applications used in an organization are not approved.
Apparently, Microsoft Office 365 is the number one unapproved SaaS application. 9% of respondents have admitted using it. 8% say they use Zoho, while 7% utilize LinkedIn and Facebook.
15% of those who use Shadow IT have experienced security, liability or access issues.
Interestingly, IT professionals are using a higher number of unauthorized SaaS apps compared to other employees. Furthermore, 39% of IT employees rely on Shadow IT to bypass IT processes. 18% of them complain that IT restrictions make it more difficult for them to do their job.
“There are risks associated with non-sanctioned SaaS subscriptions infiltrating the corporation, particularly related to security, compliance, and availability,” noted Lynda Stadtmueller, program director of the Cloud Computing analysis service within Stratecast.
“Without appropriate knowledge, non-technical employees may choose SaaS providers or configurations that do not measure up to corporate standards for data protection and encryption. They may not realize that their use of such applications may violate regulations concerning handling and storage of private customer data, leaving the company liable for breaches.”
Pat Calhoun, general manager of network security at McAfee, believes that the best approach is to deploy solutions that transparently monitor SaaS applications. Organizations must find a way to apply enterprise policies without restricting the ability of employees to do their jobs more efficiently.
“These [solutions] not only enable secure access to SaaS applications, but can also encrypt sensitive information, prevent data loss, protect against malware, and enable IT to enforce acceptable usage policies,” Calhoun said.
“The hidden truth behind Shadow IT” is available on McAfee’s website.