Rogue SaaS Poses Security Nightmare

Rogue SaaS Poses Security Nightmare

By Doug Barney

There have always been rogue end users -- that’s how PCs came to dominate in the first place. The cloud poses a bigger threat to IT as these apps and services are far harder to control.

McAfee is now warning of the onslaught of unapproved SaaS apps, and how they might cause data leakage and open the doors to hackers.

The results are stunning, but maybe not surprising when you think about it. According to the research, actually performed by Frost & Sullivan’s Stratecast division, over 80 percent of workers are using rogue SaaS tools while at work. And for IT workers, the numbers are even higher!

Like PCs decades ago, these SaaS apps fall under the notion of Shadow IT where users and departments take IT initiatives into their own hands. While a boon to productivity, the lack of IT control creates security, data leakage and compliance problems. The trick for IT is to try to be nimble enough to actually support, protect and manage these applications, making end users happy while keeping the enterprise safe. These rogue apps are part of what’s driving the SaaS market, which Frost & Sullivan believes is growing at a CAGR of 16 percent, and poised to hit $23.5 billion in 2017.

“There are risks associated with non-sanctioned SaaS subscriptions infiltrating the corporation, particularly related to security, compliance, and availability,” said Lynda Stadtmueller, program director of the Cloud Computing analysis service within Stratecast. “Without appropriate knowledge, non-technical employees may choose SaaS providers or configurations that do not measure up to corporate standards for data protection and encryption. They may not realize that their use of such applications may violate regulations concerning handling and storage of private customer data, leaving the company liable for breaches.”

The number one rogue SaaS app, Microsoft may be happy to hear, is Office 365 that is used by 9 percent of those polled, even outstripping LinkedIn and Facebook. While some may see unapproved app dangers as an idle threat, some 15 percent of those polled have had a liability or security event occur.

“With over 80 percent of employees admitting to using non-approved SaaS in their jobs, businesses clearly need to protect themselves while still enabling access to applications that help employees be more productive,” said Pat Calhoun, general manager of network security at McAfee. “The best approach is to deploy solutions that transparently monitor SaaS applications and other forms of web traffic, and uniformly apply enterprise policies, without restricting employees’ ability to do their jobs better. These not only enable secure access to SaaS applications, but can also encrypt sensitive information, prevent data loss, protect against malware, and enable IT to enforce acceptable usage policies.” 




Edited by Cassandra Tucker
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

MSPToday Editor at Large

SHARE THIS ARTICLE
Related Articles

SonicWall Powers Secure Access for Missouri MSP, Improving Cybersecurity and Network Access for Clients

By: Erik Linask    6/27/2025

With SonicWall, Stronghold Data delivers a modern, secure remote access solution that ensures access to networks and resources and improves cybersecur…

Read More

Guardz Unleashes AI-Driven ITDR to Combat Escalating Identity-Based Threats

By: Erik Linask    6/26/2025

The launch of Identity Threat Detection and Response (ITDR) gives MSPs the tools to defend SMBs against increasingly sophisticated attacks targeting u…

Read More

Barracuda Managed Vulnerability Security: A Proactive Shield Against Escalating Cyber Threats

By: Erik Linask    6/26/2025

Barracuda's Managed Vulnerability Security is a fully managed scanning and risk assessment service powered by its global SOC.

Read More

Can MSPs Cut Microsoft Teams Incident Management Time by 50%? Martello Says Yes

By: Erik Linask    6/18/2025

New research shows MSPs can achieve a 50% reduction in labor required for Microsoft Teams incident management by using proactive monitoring and advanc…

Read More

Supercharging Your MSP with AI at SuperSummit 2025 in Dallas

By: Erik Linask    6/18/2025

SuperSummit 2025 features targeted content and education to help MSPs capitalize on the AI revolution to improve there businesses models and operation…

Read More