CIO - A recent study by IT services and solutions provider Softchoice reports that employees who use SaaS applications are significantly more irresponsible about password security, file transfer and IT compliance at work, all behaviors that can expose corporate data to unintentional leaks and malicious attacks.
With the help of The Blackstone Group, Softchoice surveyed 1,000 full-time employees in the U.S. and Canada about IT compliance, password security and file transfer.
The Problem with Passwords
On the password front, the study found the following:
It's not that SaaS app users care less, Kane says. Instead, much of the blame lies with the fact that employees using SaaS apps for work are saddled with an ever-increasing number of passwords to wrangle.
The study found that 36 percent of employees using SaaS apps for work access five or more different apps on the job, and the trend seems to be rising. The temptation, Kane says, is either to recycle the same passwords over and over again (or slight riffs on the same passwords) or to use external reminders to keep log-ins straight.
"We don't see any kind of malicious behavior," says Michael Kane, director of Cloud & Client Software at Softchoice. "The driving motivation behind this is people are trying to be more productive. As the number of SaaS applications increases day-over-day, they are using an ever increasing number of passwords."
"There's not a lot of identity management or single sign-on in organizations yet, so they don't have the tools to protect those passwords," he adds.
Best Practices in SaaS Password Security
To get the password situation under control, a good start is a company-wide security protocol, Kane says. Such a protocol won't solve many of the problems above, but a well-crafted one can at least guide employees toward using stronger passwords rather than distressingly common ones like "123456" or "password."
A better step is to enable on-premises single sign-on tied to your existing directory service (e.g., Active Directory). But the best option, Kane says, is a secure, cloud-based single sign-on solution tied to your existing directory service. Not only will this help your employees get down to a single password, it also creates a very tangible benefit for business units that use IT to help enable their SaaS apps rather than going the shadow IT route.