How IT Can Establish Better Cloud Control

By Thor Olavsrud, CIO
February 24, 2014 09:21 AM ET

CIO - A recent study by IT services and solutions provider Softchoice reports that employees who use SaaS applications are significantly more irresponsible about password security, file transfer and IT compliance at work, all behaviors that can expose corporate data to unintentional leaks and malicious attacks.

With the help of The Blackstone Group, Softchoice surveyed 1,000 full-time employees in the U.S. and Canada about IT compliance, password security and file transfer.

The Problem with Passwords

On the password front, the study found the following:

  • SaaS app users are more than two times more likely to display their passwords on sticky notes than non-SaaS users. Fully 25 percent of SaaS app users display their passwords on such notes, while only 10.2 percent of non-SaaS users do the same.
  • SaaS app users are 10 times more likely to store their passwords on unprotected or shared drives than their counterparts. The study found 21 percent of SaaS app users store their passwords on unprotected or shared drives, while only 2.1 percent of non-SaaS users do so.
  • People using SaaS apps for work are three times more likely than non-SaaS users to keep passwords in an unprotected document. The study found that 29.1 percent of SaaS app users do so compared with 10.4 percent of non-SaaS users.
  • Age plays a part. The study found 28.5 percent of 20-somethings keep their app passwords in plain sight compared with 10.8 percent of Baby Boomers.

It's not that SaaS app users care less, says Softchoice's Michael Kane. Instead, much of the blame lies with the fact that employees using SaaS apps for work are saddled with an ever-increasing number of passwords to wrangle.

The study found 36 percent of employees using SaaS apps for work access five or more different apps on the job and the trend seems to be rising. The temptation, Kane says, is either to recycle the same passwords over and over again (or slight riffs on the same passwords) or to use external reminders to keep log-ins straight.

"We don't see any kind of malicious behavior," says Michael Kane, director of Cloud & Client Software at Softchoice. "The driving motivation behind this is people are trying to be more productive. As the number of SaaS applications increases day-over-day, they are using an ever increasing number of passwords."

"There's not a lot of identity management or single sign-on in organizations yet, so they don't have the tools to protect those passwords," he adds.

Best Practices in SaaS Password Security

To get the password situation under control, a good start is a company-wide security protocol, Kane says. Such a protocol won't solve many of the problems above, but a well-crafted one can at least guide employees to using stronger passwords rather than distressingly common ones like "123456" or "password."

A better step is to enable on-premises-based single sign-on tied to your existing directory service (e.g., Active Directory). But the best option, Kane says, is a secure, cloud-based single sign-on solution tied to your existing directory service. Not only will this help your employees get down to a single password, it also creates a very tangible benefit for business units that use IT to help enable their SaaS apps rather than going the shadow IT route.
