Though Shadow IT is a global issue for almost all sectors, finance will be the most affected due to the sensitive information it holds about individuals. With growing concern for Shadow IT already on the rise, specific SaaS governance measures must be followed by the IT, or else the business can face severe consequences. Ben Bulpett has written about these consequences and how the financial sector can safeguard against these in an article for InternationalBanker.com.

Here is what he has written:

• Recent research has found 3 to 4 times more SaaS apps in use at a company than the IT department is aware of, on average.

• This problem has been exacerbated by the shift to working from home and the new hybrid workforce, with employees working outside the purview of the IT team. 

• Though all companies face the issue of Shadow IT, financial services are the ones at higher risk due to the amount of sensitive data the industry holds on individuals.

• One minor security lapse, like an app going unnoticed for a long time and then becoming unprotected, is enough to lure hackers in.

• Not only could it be hugely damaging to banks’ reputations, but it could also bring heavy financial losses to those in the industry.

• Shadow IT may be costing organizations as much as $350,000 per year in breach-related risk costs.

• With the spreadsheet approach for managing the SaaS stack, you never know when another application is added. Therefore, it is time-consuming and can go inaccurate. 

• A finance director sharing a root level folder with an outside party can expose a lot of critical information like financial statements, salaries, profit and loss statements, and much more. 

• Overcoming Shadow, IT requires organizations to shine a light directly on their SaaS access risk. Technology such as identity security can achieve that by identifying ungoverned SaaS apps and then extending the right security controls to ensure only the right people have access to those apps.

• Deeper visibility into the full scope of ungoverned SaaS applications means identifying vulnerabilities and keeping the perimeters protected from hackers.

You can read the full article here.