How IT Can Establish Better Cloud Control
There's no getting around it: Employees who use SaaS applications are more irresponsible about password security, file transfer and IT compliance. But IT's failure to communicate about risky behavior and provide tools to help employees do their work is part of the problem. Here are steps you can take to bring SaaS back under control.
Mon, February 24, 2014
CIO — Cloud computing, particularly Software as a Service (SaaS), has become a fixture in all manner of organizations today—and with good reason: Cloud computing gives employees greater accessibility and agility than they've ever enjoyed before. But for the IT function, cloud computing can also be a massive headache in terms of both security and the creeping specter of shadow IT.
A recent study by IT services and solutions provider Softchoice reports that employees who use SaaS applications are significantly more irresponsible about password security, file transfer and IT compliance at work—all behaviors that can expose corporate data to unintentional leaks and malicious attacks.
[Related: 10 Cloud Security Startups to Watch in 2014]
With the help of The Blackstone Group, Softchoice surveyed 1,000 full-time employees in the U.S. and Canada about IT compliance, password security and file transfer.
The Problem with Passwords
On the password front, the study found the following:
- SaaS app users are more than two times more likely to display their passwords on sticky notes than non-SaaS users. Fully 25 percent of SaaS app users display their passwords on such notes, while only 10.2 percent of non-SaaS users do the same.
- SaaS app users are 10 times more likely to store their passwords on unprotected or shared drives than their counterparts. The study found 21 percent of SaaS app users store their passwords on unprotected or shared drives, while only 2.1 percent of non-SaaS users do so.
- People using SaaS apps for work are three times more likely than non-SaaS users to keep passwords in an unprotected document. The study found that 29.1 percent of SaaS app users do so compared with 10.4 percent of non-SaaS users.
- Age plays a component. The study found 28.5 percent of 20-somethings keep their app passwords in plain sight compared with 10.8 percent of Baby Boomers.
It's not that SaaS app users care less, Kane says. Instead, much of the blame lies with the fact that employees using SaaS apps for work are saddled with an ever-increasing number of passwords to wrangle.
The study found 36 percent of employees using SaaS apps for work access five or more different apps on the job and the trend seems to be rising. The temptation, Kane says, is either to recycle the same passwords over and over again (or slight riffs on the same passwords) or to use external reminders to keep log-ins straight.
[Related: 5 Tips to Keep Your Data Secure on the Cloud]
"We don't see any kind of malicious behavior," says Michael Kane, director of Cloud & Client Software at Softchoice. "The driving motivation behind this is people are trying to be more productive. As the number of SaaS applications increases day-over-day, they are using an ever increasing number of passwords."