2014 Market Pulse Survey: Employees Going Rogue with Corporate Data in the Cloud
We’ve known for some time that the adoption of cloud technologies would have a significant impact on the enterprise, and that when SaaS applications started gaining traction, widespread adoption would be almost immediate. That time is now, according to SailPoint’s latest Market Pulse Survey. And, based on our findings, enterprises are behind on managing the risks associated with cloud applications.
The challenge with cloud applications is that IT organizations must now manage applications that are deployed – and accessed – completely outside the firewall. Adding to the complexity, employees are starting to use consumer-oriented applications for work-related activities, creating a significant blind spot when it comes to risk.
I know companies are struggling to regain control over this area, in a way that enables business users to still take advantage of the benefits that cloud applications offer. Certainly, there has been real progress made over some obvious SaaS enterprise applications (Salesforce, for example). But particularly when it comes to consumer-focused apps like Dropbox or Google Docs, companies are relying heavily on the idea that their employees will follow corporate guidelines around information sharing.
For this year’s survey, we wanted to put employees to the test. After surveying 1,000 employees at large organizations in Australia, France, Germany, the Netherlands, the United Kingdom and the United States, we found that companies need to be worried. Perhaps most eye-opening is that 1 in 5 employees openly admitted that they have uploaded proprietary corporate data to a SaaS app like Dropbox or Google Docs, with the specific intent of sharing it outside of the company. Let that stat sink in for a minute: 1 in 5 employees are using a consumer cloud app to share IP. This is the same data that is often kept under lock and key behind the firewall. And, keep in mind that 66% of users were able to access those very same cloud storage applications after leaving their last job.
Unfortunately, this stat shows that IT organizations are slow to incorporate the SaaS environment into their overall IAM strategy. That is not surprising, since SaaS applications are often adopted without IT even being involved. Obviously, this is not sustainable and needs to be addressed in order to reduce the risk associated with SaaS utilization. Importantly, SaaS applications should be, and need to be, managed in context with other enterprise assets as part of a holistic identity strategy, not as a siloed application space.
We’ll be dissecting the survey’s findings in the coming weeks, and will share advice on how companies can regain control. What’s needed is an IAM strategy that facilitates access to cloud and Web applications anytime, anywhere, via any device, while at the same time giving IT the control and visibility needed by today’s enterprises. IAM is a critical component of any risk strategy because it can help organizations prevent data misuse and insider fraud or sabotage. Organizations can’t simply hope for the best when it comes to protecting this information.