Furthermore, IT employees used a higher number of non-approved applications than other company employees. But the reasons why this happens might surprise you.
In many cases, employees ‘going rogue’ were simply trying to do their job better, or make it easier. According to the study, 39 percent of IT respondents use unauthorized SaaS because “it allows me to bypass IT processes” while 18 percent agreed that IT restrictions “make it difficult to do my job.”
In a hypercompetitive business environment, employees are increasingly being measured on results, and are expected to carry out their jobs in the most cost-effective and efficient manner. The search for more efficient software came take them out of approved application waters.
Pat Calhoun, general manager of network security at McAfee, looks at options for businesses who want to protect themselves – but at the same time not restrict employee productivity.
“With over 80 percent of employees admitting to using non-approved SaaS in their jobs, businesses clearly need to protect themselves while still enabling access to applications that help employees be more productive,” said Calhoun. “The best approach is to deploy solutions that transparently monitor SaaS applications (and other forms of web traffic) and uniformly apply enterprise policies, without restricting employees’ ability to do their jobs better. These not only enable secure access to SaaS applications, but can also encrypt sensitive information, prevent data loss, protect against malware, and enable IT to enforce acceptable usage policies.”
The study was conducted by Stratecast, a division of Frost & Sullivan. It surveyed the use of unapproved applications in companies. These actions are also known as Shadow IT, or the use of technology solutions that have not been approved by the IT department or obtained according to IT policies.
It was found that Microsoft Office 365 was the top unapproved SaaS application (9 percent of respondents), followed by Zoho (8 percent), LinkedIn (7 percent) and Facebook (7 percent).
Additionally, the report suggests that the cloud also makes it relatively easy for employees to acquire and deploy SaaS applications without involving the IT department. As a result, many applications are used by corporate employees and others (i.e. contractors or business partners) without the participation or approval of the corporate IT department.
While unapproved applications might in some instances help employees with their jobs, as always there are threats associated with non-sanctioned SaaS.
“There are risks associated with non-sanctioned SaaS subscriptions infiltrating the corporation, particularly related to security, compliance, and availability,” said Lynda Stadtmueller, program director of the Cloud Computing analysis service within Stratecast. “Without appropriate knowledge, non-technical employees may choose SaaS providers or configurations that do not measure up to corporate standards for data protection and encryption. They may not realize that their use of such applications may violate regulations concerning handling and storage of private customer data, leaving the company liable for breaches.”
With SaaS application adoption continuing to grow, the report recommends that companies need to develop policies that strike a balance between flexibility and control. To view a copy of the full report go to www.mcafee.com/us/resources/reports/rp-six-trends-security.pdf.
SAMSUNG GALAXY S8 PLUS
The Samsung Galaxy S8 Plus is a beautifully crafted smartphone with nearly no bezel, curvaceous in design and reflects a…
How to: Connect to Exchange Online Using Multi-Factor Authentication
Using PowerShell to manage your Microsoft cloud services like Exchange Online and using multi-factor authentication (MFA) separately is awesome. Using…