Report: Software-as-a-Service Users Have Bad Tech Habits

Software-as-a-Service has been growing by leaps and bounds among U.S. and Canadian enterprise businesses, but users’ bad tech habits expose their organizations to security breaches and data loss, according to a survey conducted by IT supplier Softchoice.

“People who use SaaS applications were significantly more irresponsible about password security, file transfer and IT compliance at work – exhibiting behaviors that can expose corporate data to unintentional leaks and malicious attacks,” according to a report summary.

Among Softchoice’s more specific findings regarding password insecurity, SaaS app users are:

• 10x more likely to share passwords on unprotected or shared drives;
• over 2x more likely to display their passwords on Post-Its;
• 3x more likely to keep passwords in an unprotected document.

In addition:

• 28.5% of twenty-somethings keep their app passwords in plain sight compared to 10.8% of Baby Boomers;

• 36% of employees using SaaS apps for work access five or more different apps on the job – resulting in too many unique (or slight riffs on the same) log-ins for them to memorize or maintain securely.

Softchoice poses three proven methods of enhancing password security. In order of increasing efficacy, they are:

• Company-wide password security protocol;
• On-premise-based single-session sign-on tied to existing Directory Service (e.g. Active Directory);
• Secure, cloud-based single-sign-on solution tied to existing Directory Service.

When it comes to file transfer, Softchoice found that SaaS app users are:

• 2x more likely than non-SaaS app users to email the work files they need to their personal account;
• 4x more likely to attempt logging into a work account associated with a former job;
• 16x more likely to access work files through an app that IT doesn’t know they have.

The increased ease of access and use of apps via cloud services, and their capacity to ease workloads, tend to overwhelm users’ security concerns, awareness and training (if any), according to Softchoice. “Finding an app that makes one’s daily job responsibilities easier is perceived as more important than running that download decision by IT. Unprotected email exchanges and meddling into old accounts becomes personally justifiable by this ‘I need it now’ attitude.”

Softchoice’s three recommendations for enhancing SaaS file transfer security, in ascending order, are:

• standardize on a cloud-based collaboration platform solution;
• standardize on a cloud-based collaboration platform solution coupled with a mobile device management (BYOD) strategy;
• standardize on a cloud-based collaboration platform solution, coupled with a mobile device management (BYOD) strategy, and add a cloud platform to provide end-user management and reporting capabilities to mitigate future risk.