The use of ‘shadow IT’, where staff purchase software without the approval of their IT department, is still on the rise. Despite being acutely aware of the cyber risks involved, three-quarters of security professionals admit to using off-the-shelf software-as-a-service (SaaS) applications in the last year.
According to a survey of over 250 global security professionals carried out by cybersecurity firm Next DLP, 73 percent admitted to using SaaS applications, with over half of the respondents naming data loss (65 percent), lack of visibility and control (62 percent) and data breaches (52 percent) as the chief risks inherent in using unauthorized tools. One in ten also admitted they were certain their organization had suffered a data breach or data loss as a result.
The seeming contradiction between security professionals’ knowledge of the risks of Saas and their apparent disinterest in securing those risks can be explained by the growing ubiquity of SaaS tools such as Zoom and Google Workspace in the workplace.
Microsoft 365 and Google Workspace fuel rise in Shadow IT
“Easy access to SaaS applications (such as M365, Google Workspace, Slack, Zoom, Shopify, etc.) means that employees are able to adopt new tools without proper oversight, leading to “Shadow SaaS” — the use of unsanctioned applications that IT departments are unaware of,” says Next DLP.
The survey also finds that security professionals believe that their own organization’s comprehension of the potential danger of the widespread adoption of Shadow SaaS is poor to non-existent. Forty percent believe that employees do not fully comprehend the cybersecurity risks associated with Shadow SaaS. Roughly a fifth of respondents are also totally unaware of whether their company has even updated its policies or provided training on these risks.
The survey did, however, also question respondents on the security surrounding the recent adoption of artificial intelligence (AI) in the workplace. Half highlight that, in their organizations, AI use is restricted to certain job functions and roles, Sixteen percent have already taken the step of banning AI completely.
“A laissez-faire attitude towards Shadow SaaS was also uncovered in the survey results, while security professionals have taken a more cautious approach to GenAI usage,” concludes Next DLP.
