Torii announced a report revealing that 69% of tech executives believe shadow IT is a top concern related to SaaS – or cloud application – adoption.
The majority of respondents have made exceptions to their SaaS security protocols, with 80% doing so because the applications were adopted outside IT’s purview. To combat these and other SaaS sprawl concerns, 64% are evaluating or planning to deploy SaaS management tools.
“The new reality of distributed and remote work has driven shadow IT to a whole new level, empowering employees to provision and manage their own cloud applications. While that’s allowed teams to innovate faster, it’s also led to increased security risk and a complete breakdown of old tools and methods for managing it. They weren’t designed for SaaS and the shadow IT explosion, and simply cannot keep up,” said Uri Haramati, CEO of Torii. “SaaS warrants a completely new approach. Businesses are beginning to realize this and take more effective measures for managing their SaaS stack and mitigating the risks.”
The pandemic accelerated SaaS adoption
54% of respondents report that their company’s leadership views technology differently now than before the COVID-19 pandemic. Respondents shared that the pandemic increased SaaS tool adoption (53%) – and with that, security risk (32%) – and drove more of a security focus within their organizations (26%).
SaaS app visibility and security risks are top of mind
The biggest security-related concerns among tech executives include shadow IT (69%), offboarding employees from applications (59%), and remote workers exposing data (56%).
Shadow IT are applications that are part of a company’s tech stack but aren’t known to, or therefore sanctioned by, IT or security teams. Because of this, they can expose companies to significant risk. And with many employees now accustomed to purchasing cloud apps themselves, shadow IT isn’t going away anytime soon, if at all, as indicated by:
- 52% of survey respondents saying individual employees are purchasing apps without IT’s knowledge
- 36% saying the same is happening with line of business (LOB) managers
If IT and security teams have no visibility into shadow IT applications, they have no way of protecting the data flowing through them. This becomes increasingly clear when people leave a company when former employees aren’t offboarded from shadow IT apps – and sometimes even from sanctioned apps. This means they can still access sensitive corporate information.
Likewise, integrations can also not be ignored. With unsanctioned apps often connecting to other tools that contain company data – and vice versa – organizations run the risk of compromising this sensitive information.
Security protocols are lapsing
Adherence to security protocols has suffered. The report found that 55% of organizations have made exceptions to their protocols for SaaS applications. The reason? 80% say it’s because the applications were adopted outside IT’s purview.
Identify access management & single sign on aren’t sufficient
90% of survey respondents use identity access management (IAM) or single sign-on (SSO) to reduce exposure to security threats. However, IAM and SSO tools are focused on known applications. They don’t uncover or have visibility into shadow IT applications. This could be why companies are still wrestling with identity and access challenges.
SaaS management plans are in the works
SaaS applications will continue to dominate organizations’ tech stacks. 94% of respondents expect the number of SaaS apps in their company to increase in the next two years.
To uncover shadow IT and better manage their growing SaaS stack and the risks associated with it, technology executives say they plan to:
- Improve processes (69%)
- Evaluate or deploy SaaS management tools (64%). This is in addition to the 16% who say they already use these tools
- Increase IT headcount (50%)
Source: https://www.helpnetsecurity.com/2022/04/26/shadow-it-saas-adoption/