Shadow IT's Growing Footprint
-
Shadow IT Is Rampant
81% of line-of-business workers and 83% of IT staff admit to using nonapproved SaaS apps. -
Creatures of Habit
49% of business and 42% of IT workers use nonapproved SaaS apps because they're familiar with them. -
IT Is Not Responsive
38% of business and 32% of IT workers use these apps because IT approval processes are too slow. -
Seeking the Best
24% of both business and IT workers use nonapproved SaaS apps because they are better than the approved alternative. -
Limited Options
18% of business and 14% of IT workers use these apps because the approved tools don't perform needed functions. -
Aware of Risks
33% of IT and 30% of business workers express a "high level of concern" over potential SaaS risks such as loss of data and breaches. -
Unclear Policies
Business workers are three times as likely as IT workers to think their company has no SaaS policies—or to not be aware of any. -
IT Is a Bigger Offender
26% of IT departments use six or more nonapproved SaaS apps; just 7% of business units use that many. -
Facebook Risks
Facebook is used without IT approval in 45% of enterprises, and 19% of them have been infected by malware. -
Google Apps Risks
Google Apps is used without IT approval in 40% of enterprises, and 27% of them have leaked sensitive data. -
Dropbox Risks
Dropbox is used without IT approval in 38% of enterprises, and 24% of them have experienced unauthorized access.
The "shadow IT" phenomenon may be a bigger issue than companies have realized. As software-as-a-service (SaaS) apps have risen in effectiveness, stature and influence, their use outside the purview of IT has spread like wildfire. Such are the findings of a study conducted for McAfee by Stratecast, a unit of Frost & Sullivan. In surveying 300 IT workers and 300 line-of-business workers at enterprises in the United States, United Kingdom, Australia and New Zealand, Stratecast found that more than 80 percent of both groups admit to using SaaS apps at work without IT's approval. Despite the fact that many respondents are aware that they're circumventing IT approval processes and introducing potential risks, they feel that the business value in rogue SaaS apps outweighs any potential concerns. The message for employers is clear: "Businesses need to protect themselves, while still enabling access to applications that help employees be more productive," said Pat Calhoun, McAfee's general manager of network security. Specifically, the study makes a few pointed recommendations: Don't block popular SaaS apps that help employees get their jobs done; give employees the freedom to choose from the broadest possible range of approved apps; and implement a security solution that allows access to SaaS apps while protecting against malware and data loss. Such steps figure to become even more important, as Frost & Sullivan predicts that the SaaS market in North America alone will reach $23.5 billion by 2017.