Unapproved apps a part of growing “shadow IT” problem: report

Unapproved apps are a growing concern for corporate IT departments and part of a wider “shadow IT” trend that organizations are having to deal with as employees turn to tools outside those controlled by the company, according to report.

The study, conducted by Stratecast for security vendor McAfee (a division of Intel Corp. (NASDAQ: INTC)), questioned more than 600 IT and line of business decision-makers in North America, the UK, Australia and New Zealand.

It found that more than 80 per cent of survey respondents are using non-approved SaaS applications in their jobs. And the biggest offenders were actually in the IT department itself

According to McAfee, the phenomenon is called “shadow IT” which it describes as “the use of technology solutions within an organization that have not been approved by the IT department or obtained according to IT policies.” Cloud computing makes it easier than ever for employees to acquire and deploy new applications without the knowledge or assistance of the IT department.

“With over 80 per cent of employees admitting to using non-approved SaaS in their jobs, businesses clearly need to protect themselves while still enabling access to applications that help employees be more productive,” said Pat Calhoun, general manager of network security at McAfee, in a statement. “The best approach is to deploy solutions that transparently monitor SaaS applications (and other forms of web traffic) and uniformly apply enterprise policies, without restricting employees’ ability to do their jobs better. These not only enable secure access to SaaS applications, but can also encrypt sensitive information, prevent data loss, protect against malware, and enable IT to enforce acceptable usage policies.”

The study also found that nearly 35 per cent of all SaaS applications being used in the average enterprise are unapproved. Microsoft Office 365 is the top unapproved SaaS app, followed by Zoho, LinkedIn and Facebook. Some 15 per cent of users said they had experienced a security, access, or liability event while using SaaS, and 39 per cent of IT respondents that admitted to using unauthorized SaaS apps said they did so because it allowed them to bypass IT processes, while even 18 per cent of IT respondents using unauthorized apps said IT restrictions made it difficult for them to do their jobs.

“There are risks associated with non-sanctioned SaaS subscriptions infiltrating the corporation, particularly related to security, compliance, and availability,” said Lynda Stadtmueller, program director of the cloud computing analysis service within Stratecast, in a statement. “Without appropriate knowledge, non-technical employees may choose SaaS providers or configurations that do not measure up to corporate standards for data protection and encryption. They may not realize that their use of such applications may violate regulations concerning handling and storage of private customer data, leaving the company liable for breaches.”

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Jeff Jedras
Jeff Jedras
A veteran technology and business journalist, Jeff Jedras began his career in technology journalism in the late 1990s, covering the booming (and later busting) Ottawa technology sector for Silicon Valley North and the Ottawa Business Journal, as well as everything from municipal politics to real estate. He later covered the technology scene in Vancouver before joining IT World Canada in Toronto in 2005, covering enterprise IT for ComputerWorld Canada. He would go on to cover the channel as an assistant editor with CDN. His writing has appeared in the Vancouver Sun, the Ottawa Citizen and a wide range of industry trade publications.

Related Tech News

Featured Tech Jobs


CDN in your inbox

CDN delivers a critical analysis of the competitive landscape detailing both the challenges and opportunities facing solution providers. CDN's email newsletter details the most important news and commentary from the channel.