Software as a Service (SaaS) applications and Generative AI (GenAI) tools have revolutionized the way many organizations operate today. While these technologies offer significant benefits in terms of scalability, efficiency, and innovation, they also introduce complex challenges. Easy access to SaaS applications (such as M365, Google Workspace, Slack, Zoom, Shopify, etc.) means that employees are able to adopt new tools without proper oversight, leading to "Shadow SaaS" — the use of unsanctioned applications that IT departments are unaware of. This unauthorized use can lead to serious data security breaches, loss of sensitive information, and failure to comply with required industry regulations. Similarly, the integration of GenAI into business processes (ChatGPT, DALL·E, Hugging Face, GitHub Copilot, etc.), while beneficial, raises concerns about intellectual property theft, misuse of AI, and inadvertent generation of non-compliant data. These issues underscore the urgent need for companies to enforce robust data governance and control mechanisms to mitigate risks and ensure regulatory compliance.
Next DLP recently conducted a survey of over 250 global security professionals to explore the new challenges in data security and compliance that SaaS applications and Generative AI have introduced. The results revealed critical insights into the unauthorized use of these technologies and the associated risks.
The survey of 253 global security professionals was conducted at RSA Conference 2024 and Infosecurity Europe 2024. Each respondent was asked the same ten questions* surrounding Shadow SaaS and Shadow AI usage within their organization, the implied security risks, and the policies and security tools their company has in place.
The survey revealed a surprising trend: nearly three quarters (73%) of security professionals admitted to using SaaS applications that had not been provided by their company’s IT team in the past year. This is despite their own acute awareness of the risks, with respondents naming data loss (65%), lack of visibility and control (62%) and data breaches (52%) as the top risks of using unauthorized tools. Adding to this, one in ten admitted they were certain their organization had suffered a data breach or data loss as a result.
A laissez-faire attitude towards Shadow SaaS was also uncovered in the survey results, while security professionals have taken a more cautious approach to GenAI usage. Half of the respondents highlighted that AI use had been restricted to certain job functions and roles in their organization, while 16% had banned the technology completely. Adding to this, 46% of organizations have implemented tools and policies to control employees’ use of GenAI.
The research also provided a snapshot of how security professionals view their organization’s training and overall understanding of the risks of Shadow SaaS:
In response to these challenges, Next DLP’s Reveal Platform offers a comprehensive solution designed to provide full visibility into SaaS application usage. Here’s how the Reveal Platform addresses the issues highlighted by the survey:
Shadow SaaS Detection and Control
Generative AI (GenAI) Usage Management
Policy Enforcement and Compliance
Training and Adaptation
Despite recognizing the risks themselves, 34% of respondents said that employees do not fully understand the data security risks associated with Shadow SaaS and Shadow AI. 6% of respondents said employees didn’t understand these risks at all.
The Next DLP survey highlights a critical need for better education around, and management of, Shadow SaaS and GenAI. The Reveal Platform’s capabilities in providing visibility, analytics, and control play a pivotal role in addressing these challenges. Organizations looking to secure their digital environments and comply with regulatory standards would benefit significantly from adopting comprehensive solutions like the Reveal Platform.
The Reveal Platform from Next DLP offers a comprehensive solution to address these pressing challenges. By providing full visibility into SaaS application usage, the platform enables organizations to monitor and manage employee activities effectively. This ensures that any unauthorized use of SaaS tools is quickly identified and addressed, significantly reducing the risk of data breaches and loss. The platform’s advanced analytics capabilities help security teams understand the patterns of Shadow SaaS usage, allowing them to implement targeted policies and training programs that promote the use of approved, secure alternatives.
In addition to SaaS management, the Reveal Platform also offers robust controls for GenAI usage. With tools that restrict and monitor AI activities based on job roles and functions, organizations can maintain tight control over how AI technologies are used within their networks. This mitigates the risks associated with unsanctioned AI tools, ensuring that employees adhere to security protocols. Furthermore, the platform's real-time alerts and detailed reporting provide continuous oversight, enabling proactive risk management and enhancing overall data protection efforts.
For further insights into our survey results or to learn more about the Reveal Platform, contact our team for a personalized demonstration.
This appendix contains the complete list of ten questions that were posed to the respondents in our survey.
Failure to comply with industry regulations/compliance frameworks
Sensitive/proprietary data loss
Lack of visibility and control over user behavior, as it relates to company data
Expansion of attack surface
Data breach
Does your organization allow employees to use Gen AI / LLMs?