Offering employees choices to combat SaaS sprawl
The ease with which employees can sign up for unsanctioned cloud services continues to haunt security operations teams. Call it cloud sprawl, SaaS sprawl, or identity sprawl -- all variations on the same theme: Workers or departments signing up for unmanaged cloud services that businesses might not even know about, resulting in redundant services, unmanaged subscriptions, and security debt. In 2023, companies used an average of 112 different software-as-a-service (SaaS) applications, down slightly from the 2022 peak of 130, and those are conservative estimates.
SaaS sprawl is both an IT management and security problem -- it complements Shadow IT. Increasingly, CISOs recognize the issue but often take steps that turn their employees into adversaries, not allies.