More than 80 per cent of employees admit to using non-approved software-as-a-service (SaaS) applications in their jobs, a new survey has found.
The survey was carried out by Stratecast, a branch of analysts Frost & Sullivan, and commissioned by McAfee. It asked 300 IT staff and 300 "line-of-business" employees of businesses that employ 1,000 staff or more for their views on "shadow IT" - SaaS applications used by employees for business, which have not been approved by the IT department or obtained according to IT policies. The employees represented different industries, and came from North America, the UK, Australia and New Zealand.
Only 19 per cent of line-of-business employees and 17 per cent of IT employees said that they did not use any non-approved SaaS applications. According to respondents, the average company uses about 20 SaaS applications, seven of which are non-approved.
"That means you can expect that upwards of 35 per cent of all SaaS apps in your company are purchased and used without oversight," CEOs and CIOs were warned by Stratecast.
The survey found that IT employees used a higher number of non-approved SaaS applications than line-of-business staff.
"It appears that, in acting as the guardian of corporate technology, the IT department considers itself exempt," the report stated.
This could be down to IT employees' overconfidence in their ability to assess risks, Stratecast said, but also a greater familiarity with a range of SaaS solutions.
The report adds that IT departments and security officers are unaware of the extent of shadow IT, and therefore unprepared to deal with it.
Responses suggested that firms had several different IT policies in place, leaving employees confused and showing that companies did not know what was best practice.
One of the top drivers for respondents to choose "unapproved" software is to get the tools they need faster, enabling them to work more efficiently. Many of the responses suggested that there were inadequacies in "approved software".
Less than half of the respondents believed that there was "high concern" that their use of unapproved software could lead to sensitive corporate or personal data being accessed, stolen or exposed by unauthorised users.
About 40 per cent of respondents had "high concern" that data would be lost or deleted by the cloud provider and only 41 per cent had a "high concern" that their employer's reputation would suffer due to security or access issues. Less than a third said they were worried that the company would not be in compliance with regulations as a result of using non-approved SaaS applications.
About 15 per cent of all employees had experienced one or more "incidents" such as malware infection, data loss, unauthorised or blocked access associated with using a particular SaaS application.
Stratecast said that IT and business leaders needed to "work together to create and support policies that enable employees to use the apps they need to be productive, with controls in place to protect data and minimise corporate risk".