July 2019 – Welcome to SaasTrax!

The most important weapon in your fight against Shadow IT

July 31, 2019/in SaasTrax /by wordpromise

Companies are struggling under the epidemic of Shadow IT for one reason: Employees want access to software and systems their companies don’t offer.

The good news? Your Shadow IT problem was caused by good intentions. The bad news? Shadow IT is still a problem, posing significant risks to your organization and its data.

While it may be tempting to scrap every unauthorized download in the process of cleaning up your technology, experts say the solution is not to do away with all the SaaS platforms and cloud-based systems your employees want.

You just have to eliminate the ones they no longer use.

That’s where the SaaSTrax audit feature comes in. It’s a tool that allows owners, IT departments or anyone else in a company to survey its employees and find out what tools they are actively using, and what tools they aren’t. It allows you to mitigate the risk that comes with Shadow IT, without turning off services that are making your employees more efficient, more productive and overall, more engaged.

Many companies ask us why you need to engage employees in the process of weeding out Shadow IT. After all, if company executives or IT leaders are supposed to be in charge of all technology within a business, shouldn’t they have the final say in what stays and what goes?

It’s a common reaction to the risks posed by Shadow IT. Take this statistic, for example: Just 7% of lost organizational data is actively hacked, while 81% of it is stolen or even inadvertently disclosed. When your employees bring SaaS platforms and cloud services into a business without the approval or knowledge of the IT department, they may be handing over critical company data or worse, leaving the door wide open for cyber thieves to walk right in.

Still, the answer isn’t to wipe the slate clean of every piece of software that comes in under the radar. In fact, experts advise against a slash-and-burn approach and instead favor one that engages your employees in the process. After all, they downloaded these platforms to make them more effective at their jobs — a sign of engagement at a time when employees are largely and worryingly unengaged. According to Gallup, 66% of American workers are either not engaged or actively disengaged at work. That doesn’t just affect employee happiness; it matters for overall business profitability: Companies with engaged employees see earnings-per-share growth that is more than 4 times that of the competition.

So, as research firm Gartner advises: “Companies should find a way to track Shadow IT and create a culture of acceptance and protection versus detection and punishment.”

That makes the audit a vital part of the process, and there are two ways to go about it: You can use a service like SaaSTrax, which automates and streamlines the audit, or you can tackle it on your own, embarking on a process of manual outreach, data collection and cross-referential analysis — like one of our customers did before signing on with SaaSTrax.

In the end, the company, a large-scale organization called Lodame, discovered an unused subscription to GoToMeeting that was costing the business money. But it required a significant outlay of resources to get there. The company’s IT department spent hours tapping into various departments and employees to find the problem, and it begs the question: Was a complex software audit the best use of valuable IT resources, particularly when there’s a system on the market that can do the same thing faster?

There’s no doubt that Shadow IT poses risks to businesses. But there is a way to manage that risk while making your employees part of the process. Our goal is to make getting there as simple as possible.

Want to learn more about what SaaSTrax can do for you and your organization? Click here to sign up for a free trial.

GET STARTED

The end of corporate IT? Not so fast..

July 23, 2019/in SaasTrax /by wordpromise

Most people who have held an office job are familiar with one of the following scenarios:

“The company’s server is down.”

Solution? “Call IT.”

“My computer needs an upgrade, and it won’t let me do it myself.”

Solution? “Call IT.”

“I need access to a new program.”

Solution? “Call IT.”

Given the myriad of technical issues that can befall any given organization at any given time, the IT department once filled a critical role inside a company. And you might think, with the speed and scope of technological innovation, the role of IT would have only expanded in recent years. Right?

Not quite.

As it’s done in so many industries, technology has changed the corporate IT function significantly. The ubiquity of software-as-a-service platforms has given any employee with an Internet connection (meaning all of them) the ability to download new systems without the approval of the IT department. Customer relationship management systems such as Salesforce and Hubspot have IT support networks built into their platforms, with experts waiting to answer any questions or solve problems. And there’s rarely a need for a company server, now that everything lives in the cloud.

As early as 2011, David Heinemeier Hansson, creator of Ruby on Rails, was hailing the end of corporate IT. “When people talk about their IT departments, they always talk about the things they’re not allowed to do, the applications they can’t run, and the long time it takes to get anything done,” he wrote. “If businesses had as many gripes with an external vendor, that vendor would’ve been dropped long ago. But IT departments have endured as a necessary evil. I think those days are coming to an end.”

That sentiment was echoed again in 2016, when the Telegraph ran an article under the headline, “Is this the end of the traditional IT department?”

“Many of the functions the traditional IT team served — deploying and maintaining in-house systems, networks and infrastructure; managing software upgrades; deciding which PCs, servers and storage boxes to invest in — are now obsolete as firms instead rely on online services, and employees choose the devices they want to work on,” the article states. “The increased awareness the average employee or executive now has about technology, coupled with the availability of cost-effective web-based systems, also means corporate technology should no longer be locked away from the end user.”

While all of that may be true, we believe it does not doom corporate IT to extinction. It may be the end of an era, but it’s also the dawning of a new one.

First, the mass adoption of external platforms and services is creating risks for businesses, giving third parties access to company data, often times without anyone’s knowledge. That’s why the practice of downloading third-party systems without the consent of corporate technology executives has been dubbed Shadow IT: Its existence is known by one or two employees and yet it’s been granted full access to your company’s back-end systems.

When there’s no corporate IT, no one is watching.

Second, while senior executives in an organization may understand how technology can enhance their performance or add to the bottom line, they may not be able to assess the overall impact to the business and its systems. When you download an application, you have to agree to certain terms and conditions, which outline what the third party will have access to. But how many marketers actually read that? How many CFOs understand the way an API integration impacts other company systems? How many CEOs want to spend their time analyzing the pros and cons of one platform over another to ensure the company gets the best value, while mitigating the most risk?

Finally, when you run a business with multiple systems across multiple departments and dozens, hundreds or thousands of employees who have access to just about all of it, you need someone to manage that, plain and simple. It’s not necessarily about staving off hackers or cyber attacks (although those are still viable threats); the business is exposed to risk every day, through the simplest of actions by the most well-meaning employees. After all, Patient Zero rarely foresees the kind of epidemic they can create.

And the key to preventing an outbreak is early detection.

Corporate IT departments still hold a valuable place in companies of all sizes, but they do have to evolve. While the need to help employees upgrade software may have long since passed, IT departments can play a vital role in mitigating the risks that come with new technologies. They can look across organizations to find areas of waste and excess, exposed data and shady systems. And they can provide the kind of comprehensive strategies that allow companies to harness the full potential of technology.

SaaSTrax can help. We built our platform to help companies manage the risks associated with technology and eliminate waste, while allowing their employees to take advantage of all the benefits cloud-based systems have to offer. We’re putting the power back in the hands of your IT leaders, for the good of your business.

Want to learn more about how we can support your company? Click here for a free trial.

GET STARTED

Inside the Shadow IT epidemic — How bad is it?

July 16, 2019/in SaasTrax /by wordpromise

How do you measure a problem you can’t see?

That question lies at the heart of Shadow IT: the phenomenon of employees at companies across the country downloading software-as-a-service applications and cloud-based platforms without the consent or approval of their IT departments.

By all accounts, it’s pervasive. By definition, it happens in the shadows. So how do you know how pervasive it really is?

A few organizations have taken a stab at measuring the Shadow IT phenomenon across industries and companies. The numbers imply that the issue is far bigger than many of us realize. And it’s putting companies and their data at risk.

Here’s a look at Shadow IT by the numbers:

40%: That’s how much IT spending is happening outside of IT departments, according to analyst firm Gartner. But that estimate varies. Some sources say the real number is closer to 30%, while others say it could be 50% or higher. Whatever statistic you believe, the percentage is expected to rise. Software consultancy ServerCentral predicts that, within the next 10 years, 90% of IT spending will take place outside the IT organization.
33%: Gartner estimates that by 2020, one-third (or roughly 33%) of successful cyber attacks on enterprises will target Shadow IT resources. When software comes into an organization without any review or protocols, it essentially creates an open window into your company — an easy entrance for those looking to steal data and other critical information. As one expert wrote in Forbes: “IT organizations have guidelines on how new software is introduced to the environment. …When we bypass these procedures, we risk potential threats and attacks to the environment, increasing the potential for data loss and compromise.”
90%: UK-based IT company Logicalis conducted a survey of CIOs back in 2015 and found that 90% of CIOs worldwide were bypassed “sometimes” by line-of-business in IT purchasing decisions. If that sounds bad, consider this: 31% of CIOs were bypassed “routinely”. And that was four years ago. We can only imagine those percentages have gotten worse as the number of SaaS platforms on the market has exploded since then.
7%: Cyber attacks and data hacks get a lot of news coverage, but in reality, those situations don’t pose the biggest threats to businesses. Just 7% of lost organizational data is actively hacked, while 81% of it is stolen or even inadvertently disclosed. That statistic is critical in understanding the risk posed by Shadow IT: In many cases, the people who download third-party platforms don’t understand the kind of access they’ve granted to critical company information. Either they’ve opened the door for the cyber thieves to walk right through, or they’ve handed over the goods themselves — without having any idea what they’ve done.
98%: Cisco has found that, on average, large enterprises use more than 1,200 cloud-based services. Of those cloud-based services, more than 98% of them are Shadow IT. When you consider how much data is at stake in a large enterprise, that’s a problem of epic proportions.
51: That’s the number of cloud services CIOs think are running in their organizations. The actual number, according to Cisco, was 730. That means companies are far more vulnerable than their most senior technology executives realize.

The numbers prove Shadow IT is most definitely a problem, bringing unnecessary risk upon companies of all sizes. At the same time, it’s just bad business to restrict the ability of your team to access the transformational power of technology. So, what can you do?

There are options available to help you gauge the prevalence of Shadow IT within the walls of your organization and, in the process, eliminate the risk associated with it. A service like SaaSTrax, for instance, can audit the platforms currently in use across your company. It can help you understand how they’re working with your company’s systems and data. It can help you determine whether they are worth the continued investment. And more than anything, it can help you manage the risk.

Want to learn more about how you can take action and change the numbers around Shadow IT? Sign up for a free trial today:

GET STARTED