Security pros use unauthorized SaaS apps despite the risk

No Comments

A new survey finds 73 percent of security professionals admit to using SaaS applications that have not been provided by their company's IT team in the past year.

This is despite the fact that they are acutely aware of the risks, with respondents naming data loss (65 percent), lack of visibility and control (62 percent) and data breaches (52 percent) as the top risks of using unauthorized tools.

The study, from insider risk specialist Next DLP, surveyed more than 250 global security professionals at RSA Conference 2024 and Infosecurity Europe 2024. It finds that although there's a laissez-faire attitude towards shadow SaaS, security professionals take a more cautious approach to GenAI usage. Half of the respondents highlight that AI use has been restricted to certain job functions and roles in their organization, while 16 percent have banned the technology completely. Adding to this, 46 percent of organizations have implemented tools and policies to control employees' use of GenAI.

"Security professionals are clearly concerned about the security implications of GenAI and are taking a cautious approach," says Next DLP's chief security officer, Chris Denbigh-White. "However, the data protection risks associated with unsanctioned technology are not new. Awareness alone is insufficient without the necessary processes and tools. Organizations need full visibility into the tools employees use and how they use them. Only by understanding data usage can they implement effective policies and educate employees on the associated risks."

The study also finds 40 percent of security professionals don't think employees properly understand the data security risks associated with shadow SaaS and AI. Yet, they are doing little to combat this risk. Only 37 percent of have developed clear policies and consequences for using these tools, with even less (28 percent) promoting approved alternatives to combat usage. Only half have received guidance and updated policies on shadow SaaS and AI in the past six months, with one in five admitting to never receiving this. In addition, nearly one-fifth of security professionals are unaware of whether their company has updated policies or provided training on these risks.

"Clearly, there is a disparity between employee confidence in using these unauthorized tools and the organization’s ability to defend against the risks," adds Denbigh-White. "Security teams should evaluate the extent of shadow SaaS and AI usage, identify frequently used tools, and provide approved alternatives. This will limit potential risks and ensure confidence is deserved, not misplaced."

You can find out more on the Next DLP blog.

Image credit: olly18/depositphotos.com

No Comments
Got News? Contact Us

Recent Headlines

Security pros use unauthorized SaaS apps despite the risk

Enterprises struggling to implement GenAI

Bosch introduces 300 Series smart dishwasher with Amazon Alexa and Google Home compatibility

Logitech launches G309 LIGHTSPEED wireless gaming mouse

Sabrent releases HB-STDK USB-C 3-Port Gaming Hub for Steam Deck

Google maps mouse brain

What happens if you set every Windows 10 registry key to zero? Let's find out...

Most Commented Stories

Say goodbye to Microsoft Windows 11 and hello to Linux-based EndeavourOS

79 Comments

Say goodbye to Microsoft Windows 11: openSUSE Leap 15.6 is the Linux-based operating system you need!

60 Comments

Bye bye Microsoft Windows 11: Hello Nitrux 3.5.1, the secure, lightweight Linux alternative

28 Comments

Lucky for some -- Windows 13 is everything Windows 11 should be

28 Comments

SDesk ISO 19 released: Say goodbye to Microsoft Windows 11 and hello to Linux

21 Comments

Joe Biden implements Kaspersky ban ahead of debate with Donald Trump, citing national security concerns

19 Comments

CachyOS June 2024 release makes it easy to say goodbye to Microsoft Windows 11 and hello to Linux

17 Comments

Deepin Linux V23 RC2 delivers a kung fu kick from China to knock out Windows 11

16 Comments

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.