Shadow IT use raises workplace data risks
Last month we reported on research showing that 65 percent of financial professionals were putting company data at risk by using unauthorized apps. New research carried out for anti-virus company McAfee shows that the figure is even higher across the enterprise as whole.
The study finds that of 600 employees surveyed across North America, the UK and Australasia, 80 percent admit to using non-approved software as a service (SaaS) applications in their jobs. These applications are referred to as "Shadow IT", meaning technology that hasn’t been approved by the IT department or acquired according to company procurement policy.
The rise of the cloud makes it easier for employees to deploy their own SaaS apps without reference to IT departments. The most popular unapproved application according to the survey is Microsoft Office 365, used by 9 percent of respondents, followed closely by Zoho on 8 percent. Then come social networking applications LinkedIn and Facebook each on 7 percent.
In an example of technical hypocrisy, IT users make greater use of Shadow IT (83 percent admitting to using it) than general business users on 81 percent. When asked to justify its use, 39 percent of IT respondents say they use unauthorized SaaS because, "it allows me to bypass IT processes", while 18 percent say that IT restrictions "make it difficult to do my job".
"With over 80 percent of employees admitting to using non-approved SaaS in their jobs, businesses clearly need to protect themselves while still enabling access to applications that help employees be more productive," says Pat Calhoun, general manager of network security at McAfee. "The best approach is to deploy solutions that transparently monitor SaaS applications and other forms of web traffic, and uniformly apply enterprise policies, without restricting employees' ability to do their jobs better. These not only enable secure access to SaaS applications, but can also encrypt sensitive information, prevent data loss, protect against malware, and enable IT to enforce acceptable usage policies".
The full report, The hidden truth behind shadow IT is available as a PDF from the McAfee website.