Connect with us
Finance Digest is a leading online platform for finance and business news, providing insights on banking, finance, technology, investing,trading, insurance, fintech, and more. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

FINANCE

As SaaS grows, financial services must rethink their security approach

Published On :

By Ben Bulpett, Identity Platform Director, EMEA, SailPoint 

The financial services industry is facing an increasing number of issues related to the adoption of cloud-based services. The growth of cloud and SaaS has accelerated with the consumerisation of information technology, along with the shift to working from home. Users have become comfortable downloading and using apps and services from the cloud to assist them in their work but often without explicit IT departmental approval. In fact, there are 3 to 4 times more SaaS apps in use at a company than the IT department is aware of, on average. This is known as ‘Shadow IT’ and while it can cause headaches for any industry, financial services are open to the biggest threat.

The data that banks hold on an individual is far more sensitive than other industries. By not getting approval on SaaS, the IT team have no visibility and no understanding of how to properly secure the software. One small security slip-up and consumers can be left with very little. But it’s not just about bad security and the reputational damage that comes with it. Shadow IT can also cause heavy financial loss.

The risks with Shadow IT 

Shadow IT takes up a whopping 30 to 40% of overall IT spending for large enterprises, according to Gartner. This means that nearly half your IT budget is being spent on tools that teams and business units are purchasing (and using) without the IT department’s knowledge. A lot of unapproved software and services may duplicate the functionality of approved ones, meaning your company spends money inefficiently. How does this impact overall revenue? While it depends on the industry, on average companies spend 3.28% of their revenue on IT, according to a recent study by Deloitte Insights. Banking and securities firms spend the most (7.16%) and construction companies spend the least (1.51%).

Additionally, Shadow IT comes with a higher risk of security and compliance complications because the tools are not properly vetted. These risks include lack of security, which can lead to data breaches. Your IT team is unable to ensure the security of the software or services and can’t manage them effectively and run updates. Gartner predicts that by 2022, one-third of successful attacks experienced by enterprises will be on their shadow IT resources. If we use Ponemon’s average breach cost of $3.86M and average probability of a breach at 27.2% annually, Shadow IT may be costing you as much as $350,000 per year in breach-related risk costs.

Keeping track of SaaS

Tracking your SaaS footprint goes beyond core enterprise apps and spreadsheets – the reality is that this isn’t complete visibility. It’s a fraction of what’s out there, and the moment that spreadsheet is updated it’s now out of date. This approach is both time-consuming and filled with inaccuracies.

For example, if a finance director, through a cloud file storage app, shared a root-level folder with outside parties, this inadvertently provides access to detailed financial statements that would never be released publicly or shared. Salaries, profit and loss, and more would be unintentionally exposed. In addition, the finance director’s team files, folders, and discussions would be made completely public rather than internal and read-only. This makes financial files and other sensitive information indexable by search engines and the fault lies with the CISO and CIO, rather than the finance director.

Similarly, when a company is unknowingly running multiple duplicate project management apps outside of IT’s purview, spread throughout the company, this creates massive cost overlap and security vulnerabilities. How much sensitive data may have been stored in the other apps? These examples are all too common, and probably true at your own company.

Shining a light using identity security 

Organisations can shine a light on Shadow IT and SaaS access risk, and ultimately have greater visibility of the full scope of ungoverned SaaS applications, by using technology such as identity security. This allows them to drive a seamless process from discovery to governance across the entirety of their SaaS app landscape and wrap the right security controls around every newly-discovered SaaS app (and the data within).

Not only does this help companies shut down issues around Shadow IT across the business, by doing so it also enables companies to be able to save hundreds of thousands of pounds each year.

Greater visibility 

It’s estimated that by 2022, nearly 90% of organisations will rely almost entirely on SaaS apps to run their business. In this new era of working, the only way to fully protect today’s cloud enterprise is by first discovering all of these hidden SaaS applications and then applying the very same identity governance controls that are already in place for the rest of the critical business applications.

There is no room for mistakes. By addressing Shadow IT and SaaS access risk and having deeper visibility of the full scope of ungoverned SaaS applications, the financial services industry can save hundreds of thousands of pounds each year. And most importantly, keep their customers protected.

Continue Reading

Why pay for news and opinions when you can get them for free?

       Subscribe for free now!


By submitting this form, you are consenting to receive marketing emails from: . You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Posts