'Shadow IT' - A Major Concern, Says Forrester
FREMONT, CA: Most of the IT enterprises are not confident about the existing controls for SaaS security; for many, shadow IT practices, the IT systems built and used inside organizations without explicit organizational approval, are something that cannot be ignored, reveals a report by Forrester Research.
According to the report, 43 percent of respondents believed the shadow IT practices were major threats to their organizations. Also, 46 percent said that SaaS providers make overstated or unrealistic claims.
In order to bring the best out of SaaS products, apart from a clear understanding about the threats and vulnerabilities of these consumption model , it’s also critical to identify the party which is responsible for the breaches, reports Dan Kobialka for Talkin' Cloud.
Some of the major findings include:
- 79 percent of IT professionals said their organizations use SaaS, and 92 percent of respondents said they believed their existing security controls were either effective or very effective in protecting their digital assets in SaaS applications.
- 79 percent of respondents erroneously considered end users as the top group responsible for cloud services provider (CSP) security.
- 71 percent of respondents claimed to completely or mostly understand the division of security control responsibility as stipulated by their SaaS provider contracts.
- Researchers said the majority of respondents put faith in their legacy controls, but many of these controls were "outdated perimeter protections" such as firewalls and virtual private networks (VPNs).
Forrester has also come up with certain recommendations such as evaluating protection gaps by reviewing SaaS provider contracts and security capabilities, finding SaaS-focused solutions and managing SaaS adoption.
Cloud Computing Changing Management
By Debra Jensen, CIO, Charlotte Russe
By Phil Jordan, CIO, Telefonica
By Alberto Ruocco, CIO, American Electric Power
By Sven Gerjets, SVP-IT, DIRECTV
By Adrian Mebane, VP-Global Ethics & Compliance, The Hershey...
By Mike Fitton, Wireless Business Unit Director, Altera
By Jim Kaskade, VP and GM, Big Data & Analytics, CSC
By Graham Welch, Director-Cisco Security, Cisco
By Michael Watkins, Senior Product Director, Global Knowledge
By Nelson C. Vincent, EdD, VP for IT and CIO, University of...
By Sharon Gietl, VP-IT & CIO, The Doe Run Company
By Arnold Leap, CIO, 1-800-Flowers.com
By Gary Barlet, CIO, USPS OIG
By Mike Dieter, CTO, Transplace
By Bill Schimikowski, VP, Customer Experience, Fidelity...
By Kevin Kometer, CIO, CME Group
By John Landwehr, Public Sector CTO, Adobe
By Marc Probst, CIO & VP, Intermountain Healthcare
By Charles Koontz, President & CEO, GE Healthcare IT & Chief...
By Jeff Bauserman, VP-Information Systems & Technology,...