mailing list archives
Are Your IT Workers Putting Your Company at Risk? Yes, They Are.
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 6 Dec 2013 23:47:28 -0700
The employees charged with keeping a watchful eye over a business's
cybersecurity are the ones most likely to engage in risky activities, new
A study from McAfee revealed that IT employees, more than any other type of
worker, use unapproved software and applications in the workplace.
Specifically, 83 percent of IT employees, compared with 81 percent of other
employees, admit to using technology solutions at work that have not been
approved by the IT department or been obtained in adherence to IT policies.
Overall, 35 percent of the software-as-a-service (SaaS) applications used
within companies are unapproved, the study found. Microsoft Office 365,
Zoho, LinkedIn and Facebook are the most used unapproved applications being
accessed by employees.
Lynda Stadtmueller, program director of the cloud computing analysis
service within Stratecast, a division of Frost & Sullivan that helped
conduct the research, said there are risks associated with nonsanctioned
SaaS subscriptions infiltrating corporations, particularly related to
security, compliance and availability.
"Without appropriate knowledge, nontechnical employees may choose SaaS
providers or configurations that do not measure up to corporate standards
for data protection and encryption," Stadtmueller said. "They may not
realize that their use of such applications may violate regulations
concerning handling and storage of private customer data, leaving the
company liable for breaches."
Despite the associated risks, nearly 40 percent of the IT employees
surveyed said they use unapproved software and applications in order to
bypass company-regulated IT processes. Additionally, 18 percent believe
that IT restrictions make it difficult for them to do their job.
Pat Calhoun, general manager of network security at McAfee, said that with
more than 80 percent of employees admitting to using unapproved SaaS in
their jobs, businesses need to protect themselves while still enabling
access to applications that help employees be more productive.
"The best approach is to deploy solutions that transparently monitor SaaS
applications and other forms of Web traffic, and uniformly apply enterprise
policies, without restricting employees' ability to do their jobs better,"
Calhoun said. "These not only enable secure access to SaaS applications,
but can also encrypt sensitive information, prevent data loss, protect
against malware and enable IT to enforce acceptable usage policies."
The study was based on surveys of more than 600 IT and line-of-business
decision makers or influencers at companies based in North America, the
United Kingdom, Australia and New Zealand.
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
sales () riskbasedsecurity com
# OWASP http://www.appsecusa.org
# Builders, Breakers and Defenders
# Time Square, NYC 20-21 Nov
Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.
- Are Your IT Workers Putting Your Company at Risk? Yes, They Are. Audrey McNeil (Dec 16)