80% of IT Pros Rarely Collaborate with Security and Compliance Teams—Time to Fix That
In the last several years, SaaS has exploded in use and shaken up the state of IT. Now, anyone with a corporate email and an internet browser can easily access over 25,000 different SaaS tools. As such, organizations increasingly allow and encourage distributed adoption rather than traditional centralized software adoption practices.
Distributed app adoption has clear benefits. Departments and employees have greater autonomy over their apps, there are fewer application access bottlenecks, and IT teams and resources are freed up to focus on more value-based work. However, there are downsides as well.
Without a holistic SaaS management strategy, distributed adoption can result in silos for teams, knowledge, and data. Those silos prevent the important business process of cross-functional collaboration. Even teams closely associated with IT (or even thought to be part of IT), like Security and Compliance, fail to collaborate on critical SaaS tasks.
To better understand how sprawling, distributed SaaS challenges collaboration for IT teams, Torii developed The State of SaaS at Work Report.
The State of Collaboration Between IT, Security, and Compliance
IT and Security and Compliance teams are natural allies in the fight for their organization's cybersecurity. Therefore, they should be closely aligned in how they tackle security-focused tasks. But before these teams can address potential risks and compliance issues in their SaaS stacks, they need to uncover hidden apps. However, collaboration around discovery is lacking.
The State of SaaS Report revealed that 80% of IT pros collaborate with security and compliance teams only sometimes, rarely, or never to discover hidden apps that may threaten their organization. With distributed application adoption, new applications could be added by anyone at any time with just a few clicks. The more this goes unchecked and undiscovered, the more challenging it becomes to tamp down your system's potential threats and vulnerabilities.
When IT, security, and compliance do work together to surface hidden apps, the most common tasks they collaborate on include:
- Running security audits (71%)
- Reviewing administrative privileges (70%)
- Improving offboarding processes to mitigate risk (62%)
- Identifying Shadow IT (51%)
- Reviewing user activity and access privileges (47%)
Only 5% of respondents reported that they collaborate with Security and Compliance on all five tasks.
Shadow IT consistently ranks as a top security concern for tech executives, but in this study, only 51% of respondents said they collaborate on identifying Shadow IT. That misalignment between concern and action should set off alarm bells for tech leaders.
When Shadow IT goes unidentified and unexamined, IT, Security, and Compliance can’t address the risks associated with these hidden apps. Additionally, teams will be less efficient and less effective in accomplishing those top three collaborative tasks without complete visibility. You can’t run audits, review admin privileges, or offboard users from apps you can’t see.
Looking closer at offboarding processes, 32% of our respondents said that distributed SaaS adoption has made it more difficult to revoke access privileges for former employees. IT may be in charge of access management, but offboarding is also a security and compliance issue. In another Torii survey, 76% of IT leaders agreed or strongly agreed that employee offboarding is a significant security threat because when organizations fail to remove user licenses and access to SaaS apps, they (inadvertently) leave a door open to threats.
Gaining complete visibility of all applications (sanctioned and unsanctioned) plus their associated data is the key to shutting down those SaaS security threats and bridging the collaborative gap between security, compliance, and IT.
Distributed SaaS Management: The Key to Restoring Cross-Functional Collaboration
To reap the benefits of distributed app ownership and break down the barriers to cross-functional collaboration between IT, security, and compliance, organizations must shift and adopt the principles of Distributed SaaS Management (DSM)—discover, know, collaborate, and optimize.
We cannot emphasize this enough: you must gain complete visibility of the applications in your SaaS stack. It is the first step that organizations must take for IT to be a true partner to security and compliance teams in securing every app.
Discovery isn’t just about app identification, though. It must also encompass the backend details and data like who owns the app, who uses it, what licenses exist, and more, which brings us to the next principle.
Map out the entire SaaS portfolio to create a single source of truth (SSOT) for your SaaS data: a unified, collaborative, and synced view of all SaaS apps and their data. Through various app integrations and other methods of pulling app data, IT and collaborators on the security and compliance side can find the information they need to ensure the security of SaaS apps.
For instance, with Torii, app detail fields can include compliance details and contract data to ensure that cloud vendors comply with current best practice. Teams can also use Torii’s Security & Risk analysis report, which provides a snapshot of an application's risk levels, giving IT, security, and compliance their cues about how to act.
With visibility and new-found knowledge, IT, security, and compliance teams can move forward with their collaborative tasks knowing they're not glossing over hidden applications. Security audits will be more effective, access privileges completely revoked from former employees, and non-compliant, high-risk, unsanctioned apps.
The future of SaaS management is automated. With Torii, critical but difficult or time-consuming tasks are automated to save time and mitigate errors:
- Detective work to map out your SaaS portfolio is streamlined by automated, ongoing discovery
- Repetitive, nitty-gritty de-provisioning tasks during offboarding are handled by custom workflows
- Application risk is continuously assessed
In other words, Torii acts as another collaborative teammate working with (and for) IT, security, and compliance professionals. This frees up those teams’ time to focus on strategic initiatives collaboratively.
Read the full State of SaaS at Work Report to learn more about distributed SaaS management and its impact on cross-functional collaboration.