Source: Lex Photography
Cyber attacks. Do they keep you up at night? Apparently not your IT department.
According to a new study, shadow IT, not cyberattacks, is the top security concern of tech executives. Also, 69% of respondents reported shadow IT as a major obstacle to SaaS adoption. This was one of the key findings in the 2022 SaaS Visibility and Impact Report released by SaaS management automation platform, Torii. The other major security concerns included offboarding (59%), remote workers (56%), and malicious attacks (36%).
The common factor among these security concerns is lack of visibility as stated by the report. Shadow IT comes at the top of the list due to its prevalence. Defined as apps that are not explicitly approved by the company’s IT department, Shadow IT came to the attention of tech executives when employees started relying on various cloud applications during the COVID-19 lockdowns. Examples of Shadow IT apps include common business apps such as Dropbox, WhatsApp messaging, Apple Airdrop, and other blue-tooth sharing tools.
Security and Compliance Risks
In the post-pandemic world, businesses have already welcomed hybrid work setups. While allowing more flexibility to teams, this work approach also presents tech challenges to IT departments. The report found that more than half (52%) of surveyed companies said that their employees download or purchase their own apps without the IT department’s knowledge.
Additionally, 32% said that line of business (LOB) managers also make individual purchases of unsanctioned apps. As more employees are exercising autonomy in choosing which apps they want to use, IT departments are losing control over visibility and inevitably, security. After all, IT cannot control what it cannot see.
The report highlights the security and compliance risks of Shadow IT (largely undetected and invisible, hence the name) for organizations that have sensitive data being accessed by employees through unsanctioned applications. This means usage is hard to monitor and security breaches difficult to catch. Security breaches can be costly, time-consuming to resolve and have the potential to destroy a business’s reputation. 55% reported lapses in security protocols since the start of COVID-19 and 80% of these cases were caused by applications without the approval of the IT department.
“The new reality of distributed and remote work has driven Shadow IT to a whole new level, empowering employees to provision and manage their own cloud applications. While that’s allowed teams to innovate faster, it’s also led to increased security risk and a complete breakdown of old tools and methods for managing it,” explained Torii CEO, Co-Founder, Uri Haramati.
Striking the Balance Between Autonomy and Control
Though the report focused on the risks of Shadow IT, it was also clear to acknowledge that there are benefits to cloud-based apps when monitored properly. Decentralization is here to stay and IT’s contributions to monitoring security and technology assets have increased.
To effectively address Shadow IT, organizations need to focus on mitigating the risks while still allowing employees to experiment with software solutions for their work. Companies can implement IT management automation tools, for example, to discover app usage of both sanctioned and unsanctioned applications.
Why is FinancesOnline free?
Leave a comment!