Shadow IT Security Gaps and 7 Ways to Resolve Them
Project and Program: Enterprise Data Center, Security and Compliance, SHARE in Orlando 2015
The growth in cloud-based Software-as-a-Service (SaaS) applications over the past decade has been phenomenal. Companies of all sizes are adopting the cloud delivery model and outsourcing a wide range of applications and infrastructure to external service providers.
The cloud also makes it relatively easy for line-of-business (LOB) personnel, such as employees from marketing or finance, to acquire and deploy SaaS applications without involving the IT department. As a result, many applications are used by corporate employees and others (such as contractors or business partners) without the participation or approval of IT – in particular, IT security professionals.
“Shadow IT” is broadly defined as the use of technology solutions within an organization that have not been approved by the IT department or deployed using IT security policies. These non-approved solutions may be adopted by individual employees or by an entire workgroup or department.
Worldwide, more than 80% of employees are using non-approved SaaS applications. Out of all SaaS applications in use, nearly 35% were found to be non-approved and considered Shadow IT. With the rapid growth of SaaS in recent years, IT is struggling to keep up – and they know it. Worldwide, IT departments are more likely to know the corporate SaaS policy, but it turns out that IT actually uses significantly more non-approved SaaS apps than LOB users. In fact, 39% of IT employees indicated that they use SaaS to bypass their own policies - with 18% even admitting these policies make it difficult to do their own jobs.
Given the relatively large number of non-approved SaaS applications in the enterprise, both LOB and IT users are acutely aware of, and even concerned about, potential security risks.
This presentation will provide 7 recommendations for resolving the very real security problems and concerns when users, including the IT department, choose to implement unauthorized SaaS solutions.
Ben Cody, Intel Security Group