IT leaders may underestimate the risk of shadow SaaS, finds new Snow Software survey

IT leaders may underestimate the risk of shadow SaaS, finds new Snow Software survey

Snow Software, a global leader in technology intelligence, has unveiled data highlighting the challenges facing IT leaders due to expanded Software-as-a-Service (SaaS) usage.

While a huge majority of IT leaders (96%) indicated they were ‘confident or very confident’ in their organisation’s SaaS security measures, the top challenge for leaders managing SaaS was ‘employees adding new SaaS applications without notifying IT,’ suggesting that leaders may underestimate the importance of visibility in security.

According to IDC, SaaS is the top source for cloud spend in 2022, accounting for US$177.8 billion of the market. In the Snow survey examining the state of SaaS management, which surveyed 1,000 IT leaders from large organisations of 500+ employees in the United States and United Kingdom, 44% said ‘employees adding new SaaS applications without notifying IT’ is their top challenge to managing SaaS applications at their organisation, closely followed by managing SaaS security (42%). When asked why these issues were so challenging, IT leaders indicated the impact to other IT programs (47%), organisational dynamics (38%), lack of time and resources (37%) and lack of visibility (36%).

“Post-pandemic IT teams are seeing a large increase in SaaS applications procured without the knowledge of IT,” said Becky Trevino, Executive Vice President of Products at Snow. “Amid increasing cybersecurity risks and mounting pressure to cut costs, IT leaders realise they need to better govern unknown and unsanctioned SaaS usage. CIOs are ultimately responsible for the security and management of SaaS applications regardless of where they are procured and to do this effectively IT needs complete visibility into what it is they need to secure.”

Views on budget and security ownership depends on your leadership level

Cybersecurity is a major focus for IT decision-makers right now, particularly as business leaders navigate market uncertainty and plan 2023 budgets in anticipation of a recession. However, ownership is not clear among IT leaders, which can put organisations at risk for elevated costs and gaps in security.

• IT leaders ranked ‘managing the security of SaaS applications’ as the number one most important issue to managing SaaS applications at their organisation, followed by ‘identifying usage of all SaaS applications within our organisation.’

• 96% of those surveyed reported feeling ‘confident’ or ‘very confident’ in their organisation’s SaaS security measures.

• According to the survey, SaaS purchasing power and IT/security responsibility rests firmly within two groups: CIOs/IT leadership and IT Asset Management (ITAM) or Software Asset Management (SAM) teams.

• Senior leaders (41% of Vice Presidents, 45% of Senior Vice Presidents and 52% of C-level executives) look to the CIO and/or IT leadership to take responsibility for SaaS purchasing and security issues over other departments and roles, while more mid-level management (50% of managers and 44% of directors) put the onus of SaaS management and security on peers within ITAM/SAM.

• 48% of IT leaders surveyed said that if budget, resources and time were not a factor, they’d like to pivot all SaaS application spending to IT to address SaaS sprawl.

Browse our latest issue

Intelligent CISO

View Magazine Archive