'Shadow IT' - A Major Concern, Says Forrester

By CIOReview | Monday, May 19, 2014

FREMONT, CA: Most of the IT enterprises are not confident about the existing controls for SaaS security; for many, shadow IT practices, the IT systems built and used inside organizations without explicit organizational approval, are something that cannot be ignored, reveals a report by Forrester Research.

According to the report, 43 percent of respondents believed the shadow IT practices   were major threats to their organizations. Also, 46 percent said that SaaS providers make overstated or unrealistic claims.

In order to bring the best out of SaaS products, apart from a clear understanding about the threats and vulnerabilities of these consumption model , it’s also critical to identify the party which is responsible for the breaches, reports Dan Kobialka for Talkin' Cloud.

Some of the major findings include:

  • 79 percent of IT professionals said their organizations use SaaS, and 92 percent of respondents said they believed their existing security controls were either effective or very effective in protecting their digital assets in SaaS applications.
  • 79 percent of respondents erroneously considered end users as the top group responsible for cloud services provider (CSP) security.
  • 71 percent of respondents claimed to completely or mostly understand the division of security control responsibility as stipulated by their SaaS provider contracts.
  • Researchers said the majority of respondents put faith in their legacy controls, but many of these controls were "outdated perimeter protections" such as firewalls and virtual private networks (VPNs).

Forrester has also come up with certain recommendations such as evaluating protection gaps by reviewing SaaS provider contracts and security capabilities, finding SaaS-focused solutions and managing SaaS adoption.