A new report from Toronto-based solution provider Softchoice is raising concerns about the impact of software-as-a-service (SaaS) applications on end user behaviour, and recommends steps that can be taken to mitigate the IT risk to the organization.
According to the Softchoice report, which surveyed 1,000 business users in Canada and the U.S., users of SaaS applications display riskier tech habits that those who don’t, and the more SaaS applications people use, the riskier their technology behaviour becomes.
“Cloud computing is changing our work habits and giving way to the expectation that our work files be accessible any time, and from any device, regardless of whether IT can securely manage it,” said Mike Kane, Softchoice’s director of cloud & client software, in a statement. “SaaS is becoming core to the way we work, which means organizations must act quickly to manage users in the cloud.”
Take, for example, password security. The report found that SaaS app users are twice as likely to display their passwords on Post-its, 10 times more likely to store passwords on unprotected or shared drives, and three times as likely to keep passwords in an unprotected document.
It’s a numbers game, said Softchoice, with 36 per cent of employees accessing five or more SaaS apps on the job each day. More SaaS apps means more passwords to remember, and this a higher likelihood of unsafe password practices, such as reusing the same passwords or storing them insecurely.
The solution? Softchoice recommends an on-premise or cloud-based single sign-on solution tied to the company’s existing directory service, such as Active Directory.
Another issue is file transfer and remote access, with SaaS users twice as likely to email work files to a personal e-mail, four times as likely to try logging into a work account from a job they’ve left, and 16 times as likely to try to access work files from an app that IT doesn’t know about. And using SaaS apps, said Softchoice, feels a desire by users for more convenience and more SaaS apps, whether sanctioned by IT or not.
To address this, Softchoice recommends businesses standardize on a cloud-based collaboration platform solution, implement a mobile bring your own device strategy, and use a cloud platform for end-user management and reporting.
When it comes to IT compliance, the report found that 1/3 of users admitted to downloading apps without letting IT know. For many, they started using the app for personal reasons first, and then the lines between personal and work use became blurred.
It’s not a case of distrusting IT though, or IT providing poor service. Some 67 per cent of SaaS users said IT is responsive to them, and 46 per cent said when an unsanctioned app is found, IT provides them a secure equivalent. Where IT has failed, said the report, is in controlling the flow of personal clouse use behaviour into the enterprise.
Softchoice recommends that IT provide access to a “safe” list of vetted SaaS apps through an identity management platform, with centralized provisioning and deprovisioning via a cloud platform, so line of business can choose their apps and IT can minimize risk.
“IT is doing a better job finding unsanctioned apps in their environment, but failing to correct the behavior that put them there in the first place,” Kane said. “Beyond enabling secure SaaS use for work, IT must better educate employees on best-use standards that will protect them both at work and in their personal lives.”