
Even Cybersecurity Pros Aren’t Immune to Shadow IT Threats


The same individuals tasked with protecting organizations from security threats frequently engage in behavior that could undermine that security, resulting in data loss, loss of visibility and control, and data breaches, according to new research.

Data security and data loss prevention solutions firm Next DLP surveyed more than 250 global security professionals at RSA Conference 2024 and Infosecurity Europe 2024 about Shadow IT. And, it turns out that despite being acutely aware of the associated risks, the majority (73%) of security professionals admitted they'd used unauthorized SaaS applications in the last year.

Furthermore, one in ten of these professionals acknowledged that their organization had suffered a data breach or data loss as a direct result of using unauthorized tools, highlighting the real-world consequences of a practice that is widespread even among security professionals.

But why?

The Why Behind Shadow IT

There are several factors at play here, said John Stringer, head of product at Next DLP. Often, the drive to enhance productivity and efficiency can lead even the most security-savvy users to adopt readily available tools that promise immediate benefits, despite potential security risks, he said. Additionally, the tools provided officially may sometimes be perceived as cumbersome or not fully aligned with users’ specific needs, prompting them to seek alternatives. 

"Even those who are most aware of the risks associated with Shadow SaaS and unauthorized generative AI use are not immune to engaging in such practices," Stringer said.

To address these challenges, Stringer said, it’s essential to simplify best practices and ensure that the tools provided by IT are as user-friendly and relevant as possible. He also recommended using a data loss prevention (DLP) platform that flags potential exposure of sensitive data or intellectual property.

Putting the Spotlight on Risks

"This visibility enables security teams to quickly see if sensitive data or intellectual property is being exposed via sanctioned and unsanctioned applications. In response, the team can choose to authorize an unsanctioned application with employee coaching controls around the type of data that can be exchanged, or block the use of an unsanctioned application and redirect the employee to a sanctioned application," he said. Some options are Next DLP's Reveal platform, as well as similar solutions from other vendors like Cyberhaven, Forcepoint, Trellix and others.

MSPs' and MSSPs' Role in Securing Customer Data

MSPs and MSSPs have a role to play, too, Stringer said. Channel partners can extend the reach of DLP solutions and help their customers secure data against these kinds of insider threats, for example by building services and training programs that educate clients and by sharing research insights so clients better understand the landscape of unauthorized SaaS and generative AI app usage.

"MSPs and MSSPs can leverage this data to tailor their offerings, emphasizing the importance of visibility and control in their clients’ security posture," Stringer said. "By integrating solutions like the Reveal Platform, they can offer a service that not only identifies and mitigates the use of Shadow SaaS and unauthorized AI but also helps educate end-users about the potential risks and the importance of adhering to approved tools and practices."

MSPs and MSSPs can use these insights to help clients tighten their security measures and foster a culture of compliance and awareness around the use of digital tools.

Sharon Florentine

Sharon manages day-to-day content on ChannelE2E and serves as senior managing editor for CyberRisk Alliance’s Channel Brands. She also covers enterprise-class technology companies, strategic alliances and channel partner strategies. Sharon is a veteran tech journalist and editor with more than 25 years experience in the industry, and has previously held key editorial, content and leadership positions at Techstrong Group, CIO.com, Ziff Davis Enterprise and CRN.
