|[December 04, 2013]
McAfee Finds Eighty Percent of Employees Use Unapproved Apps at Work
SANTA CLARA, Calif. --(Business Wire)--
has released the results of a market research survey designed to uncover
the extent and risks of unauthorized Software-as-a-Service (SaaS (News - Alert))
applications. The study, conducted by Stratecast, a division of Frost &
Sullivan, found that more than 80 percent of survey respondents admit to
using non-approved SaaS applications in their jobs. Furthermore, IT
employees use a higher number of non-approved SaaS applications than
other company employees.
These SaaS applications are also referred to as "Shadow
IT," which is broadly defined as the use of technology solutions
within an organization that have not been approved by the IT department
or obtained according to IT policies. Frost & Sullivan (News - Alert) estimates that
the overall SaaS market in North America alone will grow at a rate of 16
percent CAGR, reaching a market value of $23.5 billion USD by 2017. The
cloud also makes it relatively easy for employees to acquire and deploy
SaaS applications without involving the IT department. As a result, many
applications are used by corporate employees and others (such as
contractors or business partners) without the participation or approval
of the corporate IT department.
More than 80 percent of survey respondents admit to using non-approved
SaaS applications in their jobs.
Nearly 35 percent of all SaaS applications used within the enterprise
are non-approved, contributing to Shadow IT.
Microsoft (News - Alert) Office 365 is the top unapproved SaaS application (9 percent
of respondents), followed closely by Zoho (8 percent), LinkedIn (7
percent) and Facebook (7 percent).
On average, 15 percent of users have experienced a security, access,
or liability event hile using SaaS.
IT professionals use Shadow IT more than business users (81 percent of
Line of Business users, and 83 percent of IT users).
39 percent of IT respondents use unauthorized SaaS because, "it allows
me to bypass IT processes", while 18 percent agreed that IT
restrictions "make it difficult to do my job."
"There are risks associated with non-sanctioned SaaS subscriptions
infiltrating the corporation, particularly related to security,
compliance, and availability," said Lynda Stadtmueller, program director
of the Cloud Computing analysis service within Stratecast. "Without
appropriate knowledge, non-technical employees may choose SaaS providers
or configurations that do not measure up to corporate standards for data
protection and encryption. They may not realize that their use of such
applications may violate regulations concerning handling and storage of
private customer data, leaving the company liable for breaches."
So what makes these employees act rogue and deploy non approved
applications? In many cases it is not malicious at all - in fact they
are trying to do their job better, or make it easier. In a
hypercompetitive global business environment, in which companies are
looking to increase tight margins, employees are increasingly being
measured on results, in some cases, with their jobs at risk. So they
will do whatever it takes to meet their job objectives, which presumably
contribute to the company's own business objectives.
"With over 80 percent of employees admitting to using non-approved SaaS
in their jobs, businesses clearly need to protect themselves while still
enabling access to applications that help employees be more productive,"
said Pat Calhoun, general manager of network security at McAfee (News - Alert). "The
best approach is to deploy solutions that transparently monitor SaaS
applications and other forms of web traffic, and uniformly apply
enterprise policies, without restricting employees' ability to do their
jobs better. These not only enable secure access to SaaS applications,
but can also encrypt sensitive information, prevent data loss, protect
against malware, and enable IT to enforce acceptable usage policies."
With SaaS application adoption continuing to grow, companies need to
develop policies that strike the right balance between flexibility and
control. IT and business leaders need to work together to create and
support policies that enable employees to use the apps they need to be
productive, with controls in place to protect data and minimize
corporate risk. McAfee offers organizations the solutions that can
provide the access, security, and control needed to meet the growth of
About the Study:
The survey questioned more than 600 IT and line of business
decision-makers or influencers in North America, the UK, Australia and
New Zealand. Two-thirds of the employees surveyed came from companies
with 1,000-10,000 employees, and one-third from companies with more than
10,000. To view a copy of the full report visit www.mcafee.com/us/resources/reports/rp-six-trends-security.pdf.
McAfee, a wholly owned subsidiary of Intel (News - Alert) Corporation (NASDAQ:INTC),
empowers businesses, the public sector, and home users to safely
experience the benefits of the Internet. The company delivers proactive
and proven security solutions and services for systems, networks, and
mobile devices around the world. With its Security Connected strategy,
innovative approach to hardware-enhanced security, and unique Global
Threat Intelligence network, McAfee is relentlessly focused on keeping
its customers safe. http://www.mcafee.com
Note: McAfee is a registered trademark of McAfee, Inc. in the United
States and other countries. Other names and brands may be claimed as the
property of others.
[ Back To Technology News's Homepage ]