A Softchoice survey of 1,000 full-time people in North America found employees who use SaaS apps for work are developing bad tech habits that expose their organizations to security breaches and data loss.
Our report summary provides an in-depth exploration of how SaaS is adding a new element of risk to the way we work, and what IT departments can do to eliminate bad user behavior in the cloud.
2. INTRODUCTION
Cloud computing has become a permanent addition to all types of businesses –
from startups to global corporations.
In the age of the cloud, employees enjoy greater accessibility and agility than
ever before.
But, as is often the case once new technology sees widespread use, new
behaviors emerge – some risky.
People who use SaaS applications were significantly more irresponsible about
password security, file transfer and IT compliance at work – exhibiting behaviors
that can expose corporate data to unintentional leaks and malicious attacks.
METHODOLOGY
Softchoice, a leading North American IT services and solutions provider, commissioned a study conducted by The Blackstone Group
to explore workers’ technology habits in the office. 1,000 full-time employees in the U.S. and Canada were asked about their
behavior around app security, remote access, file transfer and IT compliance.
4. PASSWORD SECURITY
IN THE CLOUD
10.2%
25%
Non-app users
SaaS app users
SaaS app users are 10x more
likely to store passwords
on unprotected or shared
drives.
29.1%
Non-app users
SaaS app users
People using SaaS apps for
work were 3x more likely to
keep passwords in an
unprotected document.
SaaS app users are over 2x
more likely to display their
passwords on Post-its.
Click me
to share!
10.4%
2.1%
Non-app users
SaaS app users
21%
5. NUMBERS GAME:
AGE OR QUANTITY?
The reason for shoddy password protection among SaaS application users is
found in the sheer number of apps employees access
28.5%
10.8%
Twenty-somethings
Baby Boomers
28.5% of twenty-somethings keep their app
passwords in plain sight, compared to 10.8%
of Baby Boomers.
36% of employees using SaaS apps for work
access five or more different apps on the job –
resulting in too many unique (or slight riffs on
the same) log-ins for them to memorize or
maintain securely.
6. SOLUTIONS:
PROVEN PASSWORD SECURITY
Good
Companywide password
security protocol.
Better
On-premise-based
single-sign-on tied to your
existing Directory Service
(e.g. Active Directory).
Best
Secure, cloud-based
single-sign-on solution tied to
your existing Directory Service
(e.g. Active Directory).
8. FILE TRANSFER & REMOTE ACCESS
SaaS APP USERS ARE…
59.1%
27.5%
Non-app users
SaaS app users
2x more likely to email the
work files they need to their
personal account.
17.7%
3.7%
Non-app users
SaaS app users
4x more likely to attempt
logging into a work account
associated with a former job.
…THAN NON SaaS APP USERS
27%
1.6%
Non-app users
SaaS app users
16x more likely to access work
files through an app that IT
doesn’t know they have.
9. CRIPPLED BY CONVENIENCE?
Once employees actively use cloud apps, it seems that the desire for instant
information gratification motivates their tech behavior beyond the cloud
Finding an app that makes one’s daily
job responsibilities easier is perceived
as more important than running that
download decision by IT. Unprotected
email exchanges and meddling into old
accounts becomes personally justifiable
by this “I need it now” attitude.
76% of SaaS app users have needed to
access work files away from the office,
compared to 58% of non-app users.
The cloud is therefore redefining how
employees approach their jobs overall,
not just how they use technology.
10. SOLUTIONS:
FOOLPROOF FILE TRANSFER
Good
Standardize on a cloud-based
collaboration platform solution
(e.g. Box).
Better
Best
Standardize on a cloud-based
collaboration platform solution,
coupled with a mobile device
management (BYOD) strategy.
Standardize on a cloud-based
collaboration platform solution,
coupled with a mobile device
management (BYOD) strategy.
Add a cloud platform to provide
end-user management and
reporting capabilities to
mitigate future risk.
12. CLOUDING IT COMPLIANCE
Close to 1/3 of SaaS users reported downloading an app
without letting IT know. What’s encouraging this rogue behavior?
39% used the app for personal reasons first,
then started using it for work, blurring the
lines between personal and corporate use.
13. CLOUD-CONSCIOUS IT
37% of SaaS app users say
their IT departments get them
what they need.
37%
Non-app users
67%
SaaS app users
67% of SaaS users say IT is
responsive to them.
Almost half of SaaS app users (46%) said
that when an unsanctioned app is found,
their IT department provides a secure
equivalent.
46%
Non-app users
79%
SaaS app users
79% of all employees said their IT
department takes some form of action
when an unsanctioned SaaS app is found
in the office environment.
14. YOUR IT TEAM HAS A BETTER
REPUTATION THAN YOU THINK
Most employees feel that IT is responsive when accommodating new app
requests. And instead of turning a blind eye to rogue app downloads, IT often
deletes and blocks these programs, and finds safer alternatives.
What IT has failed to control is the flow of personal cloud use behavior into
the workplace. This presents a challenge for IT:
To initiate plans and
policies for long-term
conditioning.
To teach employees
best-use standards that
will protect them at work
and in their personal
lives.
15. SOLUTIONS: MOVING FROM
IT GATEKEEPER TO SaaS ENABLER
Good
Better
Best
Third-party scan of IT
environment to
uncover unsanctioned
SaaS app use.
Communicate risks of
this ‘shadow IT’ to
employees.
Scan to uncover
unsanctioned SaaS app
use. Communicate risks of
‘shadow IT’ to employees.
Provide a standard ‘safe’
vendor list for SaaS apps.
Standardized procurement of ‘safe’ list of
vetted SaaS apps, all accessed through
an identity management platform to
centralize provisioning and
deprovisioning capabilities via a cloud
portal, enabling lines of business to
make their own choices while
minimizing risk for IT.
16. CONCLUSION: CLOUD CONTROL
Looking at end-user cloud behavior, three curable issues emerge:
Employees are surpassing their
app threshold. Too many accounts
prohibits safe password
procedures.
Today’s employees don’t just use
technology differently, they work
differently.
Employees are undermining their
IT departments by failing to grasp
the risks of their lax behavior.
Next Steps
Next Steps
Next Steps
-Establish a company-wide
password policy or single-sign on
platform
-Adopt a cloud-based
collaboration solution
-Tie in a BYOD strategy
-Assess your IT environment
-Communicate shadow IT’s risks
-Consider an identity
management solution
Start solving one problem, and you’ll likely solve them all…
17. CLOUD CONTROL
Business leaders must empower the IT department to provide workers with
the apps they want (and need) to be productive
Step 1: Put the right pieces in place.
Implement the right policies,
procedures and cloud-ready
infrastructure to give IT the ability to
deploy and manage suitable SaaS apps
that employees need to be more
productive in (and away from)
the office.
Step 2: Regularly communicate the
secure, user-friendly cloud options at
employees’ disposal and how to access
them. As front-office staff increasingly
see IT promote secure and flexible
cloud technologies, they’ll become
more aware of their advantages and
more willing to comply with the rules.
18. Ready to put an end to
careless cloud use?
Contact us today to learn more about how Softchoice
makes it easier to source, implement and manage the
right cloud solutions for your organization.
softchoicecloud.com
1-800-268-7368