SaaS Users Throw Security to the Wind

By CIOReview | Wednesday, February 26, 2014

FREMONT, CA: SaaS has come a long way since its innovation and marketed its way around the enterprises and is meeting the top requirements of employees. However employees are not paying ample attention to password security while accessing SaaS applications. Thor Olavsrud of has more information on this.

A recent study by IT services and solutions provider Softchoice reports that employees who use SaaS applications are significantly more irresponsible about password security, file transfer and IT compliance at work-all behaviors that can expose corporate data to unintentional leaks and malicious attacks.
According to the study, employees who operate SaaS app, access five or more different apps on the job and are 10 times more likely to store their passwords on unprotected documents or shared drives, making corporate data viable for malicious attacks.

"We don't see any kind of malicious behavior, the driving motivation behind this is people are trying to be more productive. As the number of SaaS applications increases day-over-day, they are using an ever increasing number of passwords." says Michael Kane, director of Cloud & Client Software at Softchoice.

To deliver a solution to this problem, company-wide security protocol could guide employees to use stronger passwords and the best option will be to come up with a cloud based single sign-on solution linked with existing directory service.
According to the study, File transfer and remote access SaaS apps in the enterprise are not supported by the organization’s central IT department yet. SaaS app users email work files they need to a personal account than non-SaaS users. They tend to access work files away from office through an app that IT is not aware of.  However this act could create compliance issues since IT lacks visibility into the applications employees are using and how the company's data is flowing through those applications.

On the whole, Kane says, IT teams need to stop turning a blind eye to rogue app downloads and instead delete and block the rogue apps and find safer alternatives. IT must also teach employees on best-use standards that will protect them at work and in their personal lives. Employees need to access SaaS app through an identity management platform to centralize provisioning and deprovisioning capabilities via a cloud portal, enabling lines of business to make their own choices while minimizing risk for IT,” Kane says.