The security of unauthorized Software as a Service (SaaS) applications were analyzed in a recent report by Next DLP. The report that nearly three quarters (73%) of security professionals admit to using SaaS applications that had not been provided by their company’s IT team in the past year. This is despite the fact that they are acutely aware of the risks, with respondents naming data loss (65%), lack of visibility and control (62%) and data breaches (52%) as the top risks of using unauthorized tools. Adding to this, one in 10 admitted they were certain their organization had suffered a data breach or data loss as a result.
Half of the respondents highlighted that artificial intelligence (AI) use had been restricted to certain job functions and roles in their organization, while 16% had banned the technology completely. Adding to this, 46% of organizations have implemented tools and policies to control employees’ use of GenAI.
Additional report findings include:
- 40% of security professionals do not think employees properly understand the data security risks associated with Shadow SaaS and AI.
- 37% of security professionals had developed clear policies and consequences for using these tools, with even less (28%) promoting approved alternatives to combat usage.
- Half had received guidance and updated policies on Shadow SaaS and AI in the past six months, with one in five admitting to never receiving this.
- Additionally, nearly one-fifth of security professionals were unaware of whether their company had updated policies or provided training on these risks, indicating a need for further awareness and education.