Among the top users of software-as-a-service (SaaS) apps not authorized by the IT department are tech pros themselves, according to a recent survey commissioned by security software company McAfee Inc.
A poll of 600 IT and line-of-business decision makers in large companies from North America, the United Kingdom, Australia and New Zealand found that nearly 35 per cent of all SaaS apps used in the workplace are unauthorized software, or what are called shadow SaaS apps.
Business consulting firm Frost & Sullivan, which conducted the survey, also found that 80 per cent of respondents were using shadow SaaS apps in the workplace.
Although corporate IT departments may frown upon the rampant use of unauthorized applications in the workplace because of the security risk and management issues they create, the survey also said that IT professionals are among the top perpetrators of shadow IT.
As many as 83 per cent of IT professionals use shadow IT compared to only 81 per cent of line of business users.
What makes them go rogue and use apps that their department has not approved?
Restrictions, and the need to get past them in order to get their job done, according to the respondents.
Thirty-nine per cent of the IT respondents said they used unauthorized SaaS because “it allows me to bypass the IT process.” Eighteen per cent said IT restrictions “make it difficult to do my job.”
“In many cases it is not malicious at all – in fact they are trying to do their job better, or make it easier,” McAfee said in a statement. “In a hypercompetitive global business environment…employees are increasingly being measured on results – in some cases with their jobs at risk.”
The security firm said it’s no surprise that in such an environment many individuals will “do whatever it takes” to meet their job and business objectives.
The top unauthorized SaaS application in the workplace was Microsoft Office 365 (9 per cent), followed by online productivity tools Zoho (8 per cent); professional social networking site LinkedIn (7 per cent); and Facebook (7 per cent).
On average, the survey said, 15 per cent of respondents experienced a security access or liability event while using SaaS.
“Without appropriate knowledge, non-technical employees may choose SaaS providers or configurations that do not measure up to corporate standards for data encryption,” said Lynda Stadtmueller, program director of the cloud computing analysis service at Frost & Sullivan’s telecom forecasting arm Stratecast. “They may not realize that their use of such applications may violate regulations concerning handling and storage of private customer data, leaving the company liable for breaches.”
Businesses need to protect themselves from shadow SaaS usage, according to Pat Calhoun, general manager of network security at McAfee.
“The best approach is to deploy solutions that transparently monitor SaaS applications (and other forms of Web traffic) and uniformly apply enterprise policies, without restricting employees’ ability to do their jobs better,” he said.
He said such tools will not only provide secure access to SaaS applications but can also encrypt sensitive information to prevent data loss.