Survey: Anxiety Over SaaS Security Plagues IT Leaders
Many organizations heavily invested in cloud services and SaaS applications during the beginning of the pandemic to support the required shift to remote work. While the need three years ago was to enable a dispersed workforce, today’s organizations are looking for opportunities to control spend and weather a new period of economic uncertainty. Those same investments are being viewed with considerations around cross-functional need, overall usage and realized value. Many analyst firms predict that there will be continued investment in cloud services and SaaS applications, but overall IT spending will slow in 2023.
As a result of these shifting winds, Snow Software commissioned a survey to better understand the state of SaaS management. What we discovered was that across the globe, managing SaaS poses many of the same challenges to IT leaders as it did several years ago, despite significant changes in the economy, purchasing habits, etc.
The survey, which polled more than 1,000 IT leaders from organizations with more than 500 employees in the US and UK, found that IT leaders are struggling to gain visibility into the SaaS applications running in their tech environment despite feeling confident about their organization’s SaaS security posture (96%). In fact, 44% of IT leaders surveyed said that they consider ‘employees adding new SaaS applications without notifying IT,’ a challenge, and 32% struggle to ‘understand why a team or individual needs a new SaaS application,’ suggesting there is a cognitive disconnect between these challenges and the risks they bring.
Interestingly, to counter some of these challenges, more than half of respondents (56%) said that if budget, resources and time were not a factor, they would propose creating SaaS application buying training for all employees with purchasing power. While 50% or more of those between ages 18 – 54 see the need for SaaS education, the older IT leaders surveyed are not in agreement: only 25-27% of those age 55+ feel this should be a priority.
A large portion of IT leaders (76% owners, 75% of C-suite executives, 50% of VPs of IT and directors, 48% of managers) felt confident in their data classification, security policies and tools in place to govern the data being shared with their SaaS applications. And this is in addition to the 96% that felt very confident or confident in their SaaS security. However, security remains the top concern for respondents despite their confidence and preparation.
Looming global economic uncertainty has IT examining budgets but still prioritizing security
Cybersecurity is a major focus for IT decision makers right now, particularly as business leaders navigate and plan 2023 budgets in anticipation of a further economic uncertainty. When asked about the most important priorities to managing SaaS applications, ‘managing the security of SaaS applications’ ranked #1. This was followed by ‘identifying usage of all SaaS applications within our organization,’ and involve risk factors such as visibility of SaaS applications, authorized application downloading and use, authentication/permission and collaboration between IT and the rest of the organization.
These concerns over security and visibility do seem to impact overall levels of confidence when looking at the respondent’s title level. Owners (76%), C-suite executives (70%) and Senior Vice Presidents (61%) are by far the most confident in their organization’s SaaS security measures. However, the lower down the ladder the titles go, the less confident they are: Vice Presidents (49%), Directors (44%) and Managers (33%). This could indicate senior leaders’ confidence in their own executive leadership team, more visibility/access to certain security procedures, or feigned confidence. Alternatively, this could also indicate that more junior team members – who are usually on the front lines executing – could be seeing more areas for concern and/or masking that from leadership.
Unsurprisingly, managing costs is still a leading concern among IT leaders. While ‘controlling the total cost of SaaS application investment’ was ranked #5 in overall importance by IT leaders for managing SaaS applications, the other highly ranked priorities, ‘identifying usage of all SaaS applications within our organization’ (#2) and ‘understanding why a team or individual needs a new SaaS application’ (#3), ultimately impact cost as well.
If global uncertainty persists, 27% of respondents believe IT budgets will decrease by 11-25%, and an additional 28% of respondents believe IT budgets will decrease by 26-50%. When asked what area would be most impacted by a reduction of IT spending, most respondents indicated ‘IT staffing’ (20%) and ‘strategic IT initiatives or programs’ (19%) as most impacted.
Globally, IT leaders expect IT budget reductions to have the greatest impact on IT staffing (20%) and strategic IT initiatives (19%).
IT ownership is murky but senior leaders agree that it’s the CIO’s responsibility
The purchasing and management of SaaS as well as mitigating its security issues rest firmly within two groups, according to survey respondents: CIOs/IT and ITAM/SAM teams. In fact, 39% say CIOs/IT leaders are responsible for purchasing and management, with 42% indicating that ITAM/SAM teams hold that responsibility. Interestingly, when examining the titles of the respondents, the more junior levels (Manager, Director and Vice President) ranked ITAM/SAM as responsible for purchasing and managing, while the more senior roles (Sr. Vice President, C-level Executive and Owner) ranked CIO/IT as the primary party. Senior leaders look to CIO/IT leadership to take responsibility for SaaS purchasing and security issues over other departments and roles, while more junior levels put the onus on their peers within ITAM/SAM.
Despite conflicting perspectives on ownership, security management, security posture and purchasing power, it is clear IT leaders are not the sole technology gatekeepers they may have once been. Though it’s very evident that IT leaders would like to go back to controlling every part of the tech purchasing and management process, especially during challenging times. However, there still is a fundamental lack of visibility that plagues many organizations – and creates exponential risk for IT leaders. Gaining complete visibility, despite disparate ownership of technologies like SaaS applications, is the foundation for safeguarding an organization.
If you’re interested in learning more about how to gain visibility into your SaaS applications, be sure to check out the Snow SaaS management solution.