For all its cost, productivity and deployment benefits, SaaS requires business and IT leaders to adopt a new perspective around security. Embracing the cloud and enabling workers’ use of tech means a company must abandon some of the outdated, heavy-handed approaches to security that work in the classic, on-premise enterprise world.
Today, visibility and insight matter more.
A new generation of employees are expecting seamless software experiences. They want their phones, tablets and work-issued tech to integrate and apps, data and files being universally available. Add in the allure of slick new SaaS, click-and-deploy trials and easy purchasing and employees are firing up new software (often, with corporate data) at a rapid rate. It’s likely that most of your employees are “shadow” and using unmanaged SaaS with regularity.
Companies that have the purchase, use and deployment intelligence can be proactive in their decision making. They can simultaneously guard against non-compliance and malicious activity with strong processes while fostering a culture of flexibility, agility and savings. Companies that are operating blind don’t stand a chance.
When company leaders lack visibility, they cannot improve their risk profile. With most SaaS, onboarding is seamless, but the process of revoking, or later denying privileges is complex. As data privacy acts like GDPR come into effect, liabilities for insecure data and software handling grow. Companies are responsible for their cybersecurity capabilities, even for software they didn’t even know they had. Unmanaged software may become a conduit to malware, or move data to third-parties in an insecure way. GDPR and other governmental regulation sure to follow will require companies to build stronger processes. These efforts must begin with clear visibility into software and data ecosystems.
Digital data’s economic worth rivals that of any currency. And if there was any question, consider that when Yahoo! was the victim of a data breach in 2017, Verizon’s CEO Lowell McAdam told a company executive that a $925 million reduction in acquisition price was appropriate.
Home Depot paid over $179 million in settlements for exposing customers’ credit card numbers. Even so, this amount doesn’t include costs associated with legal fees, remediation and reputational impact that were incurred.
Even startups aren’t immune. Small and mid-sized businesses are hit by 62% of all cyber-attacks, about 4,000 per day, according to IBM. The U.S.’ National Cyber Security Alliance found that 60% of small companies are unable to sustain their businesses over six months after a cyber attack. According to the Ponemon Institute, the average price for small businesses to clean up after their businesses have been hacked stands at $690,000; and, for middle market companies, it’s over $1 million.
The distinction between work and personal technology is forever blurred. Software innovation makes efficiency and collaboration gains too compelling. Employees will always seek it out. But, it poses a management and compliance challenge. Preventing SaaS’ natural vulnerabilities from becoming full-fledged problems, requires a tool that makes application discovery and management simple.
Visibility and insight are today’s security and compliance differentiators. Whether enabling certain technologies to be blacklisted and removed, to ensuring security and data monitoring activities cover the full scope of software in use, companies need the full picture of what’s being used, how often, by whom and in what ways.
Your best employees aren’t trying to be malicious. We’ve written about the opportunity at the root of employees’ eagerness to try software. They want to improve operations, be productive and enhance customers’ experiences. So they try SaaS, and naturally lose sight of their experimentation, purchases and licenses.
Moving to the cloud can be more cost-effective.
It can support a corporate culture of innovation, agility and collaboration.
And it can reduce technology overhead, staffing and unwieldy and costly license contracts.
However, security awareness needs heightening and this is an issue finance and technology leaders can prioritize. Together, these leaders must architect a corporate environment where cloud solutions, security and flexibility co-exist. This future starts with awareness.