Cloud applications harbor major risks

By 2017, Gartner predicts that 75 % of organizations will be using SaaS (Software as a Service) applications without corporate approval or control. From an employee's point of view, this is understandable, as the practical software helpers can be obtained quickly and easily on the web, without having to go through IT, which is usually seen as a more complicated route.

However, employees who independently obtain software products from the cloud, bypassing IT, run a number of risks. The most important are:

1) The initial purchaser of the software is also its administrator.

Let's say a department manager obtains cloud software to use with his team. Since he is the one who manages the tool, he also has to create an account for each user and, of course, delete the account if an employee leaves the company, for example. If the users of the software are located in several departments, the departure of a user is often not even known. This user, for example a sales employee, then perhaps switches to a competitor company with full access to the software and the data stored in it.

2) IT cannot provide support

Since the software purchase was made bypassing IT, the service desk is not even aware of the product and accordingly cannot offer any help. Classic example: An employee has forgotten his password and can no longer log in. IT has no access to the software and therefore cannot help.

3) High risk due to insufficient data protection

Before buying a cloud product, which employee checks where the company's own data will be stored and whether data protection has been sufficiently complied with? Which of these employees even reads through the long terms and conditions written in legalese in detail before ticking the box for their consent? It is not surprising if customer and internal data are then stored in areas that can definitely not be classified as secure.

4) Account sharing can be very expensive

Nothing remains hidden from the manufacturers of a software. They have a precise overview of how the application is used and can see when the same account is accessed simultaneously at different locations via different devices. The consequence: The affected manufacturer demands that the company use the software in accordance with the contract. This means: licenses for all users must be purchased. The application, for which an annual budget of 120,000 euros for 100 users was originally planned, suddenly costs the company many times that amount. In the case of an audit, possibly even retroactively from the conclusion of the contract!

5) Cost control is not possible

The application obtained from the business department lives in the shadow of IT and is therefore not actively managed. In most cases, there is no information about who actually uses it and who only has an account for which costs are incurred but does not use it. Under certain circumstances, licenses are paid for unnecessarily over a long period of time.

Matrix42 sums up

For all these reasons, employees are advised to exercise great caution when dealing with cloud software and, above all, to involve IT. Companies should firstly be aware of the problem, secondly find a user-friendly solution and thirdly define clear rules for SaaS apps. Those responsible can avoid the entire dilemma by introducing a workspace management tool such as MyWorkspace from Matrix42, which gives all employees a personal cloud with all their apps - but one controlled by IT.

If there is clear corporate governance and sanctions for non-compliance, then employees and companies are spared from falling into the cloud trap.

https://www.matrix42.com