2 min read

Unapproved apps a part of growing “shadow IT” problem: report


Unapproved apps are a growing concern for corporate IT departments and part of a wider “shadow IT” trend that organizations are having to deal with as employees turn to tools outside those controlled by the company, according to report.

The study, conducted by Stratecast for security vendor McAfee (a division of Intel Corp. (NASDAQ: INTC)), questioned more than 600 IT and line of business decision-makers in North America, the UK, Australia and New Zealand.

It found that more than 80 per cent of survey respondents are using non-approved SaaS applications in their jobs. And the biggest offenders were actually in the IT department itself

According to McAfee, the phenomenon is called “shadow IT” which it describes as “the use of technology solutions within an organization that have not been approved by the IT department or obtained according to IT policies.” Cloud computing makes it easier than ever for employees to acquire and deploy new applications without the knowledge or assistance of the IT department.

“With over 80 per cent of employees admitting to using non-approved SaaS in their jobs, businesses clearly need to protect themselves while still enabling access to applications that help employees be more productive,” said Pat Calhoun, general manager of network security at McAfee, in a statement. “The best approach is to deploy solutions that transparently monitor SaaS applications (and other forms of web traffic) and uniformly apply enterprise policies, without restricting employees’ ability to do their jobs better. These not only enable secure access to SaaS applications, but can also encrypt sensitive information, prevent data loss, protect against malware, and enable IT to enforce acceptable usage policies.”

The study also found that nearly 35 per cent of all SaaS applications being used in the average enterprise are unapproved. Microsoft Office 365 is the top unapproved SaaS app, followed by Zoho, LinkedIn and Facebook. Some 15 per cent of users said they had experienced a security, access, or liability event while using SaaS, and 39 per cent of IT respondents that admitted to using unauthorized SaaS apps said they did so because it allowed them to bypass IT processes, while even 18 per cent of IT respondents using unauthorized apps said IT restrictions made it difficult for them to do their jobs.

“There are risks associated with non-sanctioned SaaS subscriptions infiltrating the corporation, particularly related to security, compliance, and availability,” said Lynda Stadtmueller, program director of the cloud computing analysis service within Stratecast, in a statement. “Without appropriate knowledge, non-technical employees may choose SaaS providers or configurations that do not measure up to corporate standards for data protection and encryption. They may not realize that their use of such applications may violate regulations concerning handling and storage of private customer data, leaving the company liable for breaches.”