McAfee has released the results of a market research survey designed to uncover the extent and risks of unauthorized Software-as-a-Service (SaaS) applications. The study, conducted by Stratecast, a division of Frost & Sullivan, found that more than 80 percent of survey respondents admit to using non-approved SaaS applications in their jobs. Furthermore, IT employees use a higher number of non-approved SaaS applications than other company employees.
These SaaS applications are also referred to as “ Shadow IT,” which is broadly defined as the use of technology solutions within an organization that have not been approved by the IT department or obtained according to IT policies. Frost & Sullivan estimates that the overall SaaS market in North America alone will grow at a rate of 16 percent CAGR, reaching a market value of $23.5 billion USD by 2017. The cloud also makes it relatively easy for employees to acquire and deploy SaaS applications without involving the IT department. As a result, many applications are used by corporate employees and others (such as contractors or business partners) without the participation or approval of the corporate IT department.
- More than 80 percent of survey respondents admit to using non-approved SaaS applications in their jobs.
- Nearly 35 percent of all SaaS applications used within the enterprise are non-approved, contributing to Shadow IT.
- Microsoft Office 365 is the top unapproved SaaS application (9 percent of respondents), followed closely by Zoho (8 percent), LinkedIn (7 percent) and Facebook (7 percent).
- On average, 15 percent of users have experienced a security, access, or liability event while using SaaS.
- IT professionals use Shadow IT more than business users (81 percent of Line of Business users, and 83 percent of IT users).
- 39 percent of IT respondents use unauthorized SaaS because, “it allows me to bypass IT processes”, while 18 percent agreed that IT restrictions “make it difficult to do my job.”
“There are risks associated with non-sanctioned SaaS subscriptions infiltrating the corporation, particularly related to security, compliance, and availability,” said Lynda Stadtmueller, program director of the Cloud Computing analysis service within Stratecast. “Without appropriate knowledge, non-technical employees may choose SaaS providers or configurations that do not measure up to corporate standards for data protection and encryption. They may not realize that their use of such applications may violate regulations concerning handling and storage of private customer data, leaving the company liable for breaches.”