Published December 09, 2013
The employees charged with keeping a watchful eye over a business's cybersecurity are the ones most likely to engage in risky activities, new research finds.
A study from McAfee revealed that IT employees, more than any other type of worker, use unapproved software and applications in the workplace. Specifically, 83 percent of IT employees, compared with 81 percent of other employees, admit to using technology solutions at work that have not been approved by the IT department or been obtained in adherence to IT policies.
Overall, 35 percent of the software-as-a-service (SaaS) applications used within companies are unapproved, the study found. Microsoft Office 365, Zoho, LinkedIn and Facebook are the most used unapproved applications being accessed by employees.
Lynda Stadtmueller, program director of the cloud computing analysis service within Stratecast, a division of Frost & Sullivan that helped conduct the research, said there are risks associated with nonsanctioned SaaS subscriptions infiltrating corporations, particularly related to security, compliance and availability.
"Without appropriate knowledge, nontechnical employees may choose SaaS providers or configurations that do not measure up to corporate standards for data protection and encryption," Stadtmueller said. "They may not realize that their use of such applications may violate regulations concerning handling and storage of private customer data, leaving the company liable for breaches."
Despite the associated risks, nearly 40 percent of the IT employees surveyed said they use unapproved software and applications in order to bypass company-regulated IT processes. Additionally, 18 percent believe that IT restrictions make it difficult for them to do their job.
Pat Calhoun, general manager of network security at McAfee, said that with more than 80 percent of employees admitting to using unapproved SaaS in their jobs, businesses need to protect themselves while still enabling access to applications that help employees be more productive.
"The best approach is to deploy solutions that transparently monitor SaaS applications and other forms of Web traffic, and uniformly apply enterprise policies, without restricting employees' ability to do their jobs better," Calhoun said. "These not only enable secure access to SaaS applications, but can also encrypt sensitive information, prevent data loss, protect against malware and enable IT to enforce acceptable usage policies."
The study was based on surveys of more than 600 IT and line-of-business decision makers or influencers at companies based in North America, the United Kingdom, Australia and New Zealand.
Originally published on BusinessNewsDaily.