'Shadow IT' - A Major Concern, Says Forrester
FREMONT, CA: Most of the IT enterprises are not confident about the existing controls for SaaS security; for many, shadow IT practices, the IT systems built and used inside organizations without explicit organizational approval, are something that cannot be ignored, reveals a report by Forrester Research.
According to the report, 43 percent of respondents believed the shadow IT practices were major threats to their organizations. Also, 46 percent said that SaaS providers make overstated or unrealistic claims.
In order to bring the best out of SaaS products, apart from a clear understanding about the threats and vulnerabilities of these consumption model , it’s also critical to identify the party which is responsible for the breaches, reports Dan Kobialka for Talkin' Cloud.
Some of the major findings include:
- 79 percent of IT professionals said their organizations use SaaS, and 92 percent of respondents said they believed their existing security controls were either effective or very effective in protecting their digital assets in SaaS applications.
- 79 percent of respondents erroneously considered end users as the top group responsible for cloud services provider (CSP) security.
- 71 percent of respondents claimed to completely or mostly understand the division of security control responsibility as stipulated by their SaaS provider contracts.
- Researchers said the majority of respondents put faith in their legacy controls, but many of these controls were "outdated perimeter protections" such as firewalls and virtual private networks (VPNs).
Forrester has also come up with certain recommendations such as evaluating protection gaps by reviewing SaaS provider contracts and security capabilities, finding SaaS-focused solutions and managing SaaS adoption.
Cloud Computing Changing Management
By Tom Farrah, CIO & SVP, Dr Pepper Snapple Group
By George Evans, CIO, Singing River Health System
By John Kamin, EVP and CIO, Old National Bancorp
By Phil Jordan, CIO, Telefonica
By Elliot Garbus, VP-IoT Solutions Group & GM-Automotive...
By Dennis Hodges, CIO, Inteva Products
By Bill Krivoshik, SVP & CIO, Time Warner Inc.
By Gregory Morrison, SVP & CIO, Cox Enterprises
By Alberto Ruocco, CIO, American Electric Power
By Sam Lamonica, CIO & VP Information Systems, Rosendin...
By Sven Gerjets, SVP-IT, DIRECTV
By Marie Blake, EVP & CCO, BankUnited
By Lowell Gilvin, Chief Process Officer, Jabil
By Walter Carvalho, VP & Corporate CIO, Carnival Corporation
By Mary Alice Annecharico, SVP & CIO, Henry Ford Health System
By Bernd Schlotter, President of Services, Unify
By Bob Fecteau, CIO, SAIC
By Jason Alan Snyder, CTO, Momentum Worldwide
By Jim Whitehurst, CEO, Red Hat
By Marc Jones, Distinguished Engineer, IBM Cloud Infrastructure