Security pros often have a thankless job. CISOs rarely get praise when cybersecurity programs run smoothly. But as soon as a data breach occurs, it’s the security team that’s held accountable. And that’s why many security leaders prohibit or heavily limit the use of cloud-based tools and SaaS apps for fear of employees inadvertently exposing sensitive data. The end result: the security team gets a bad rap for doing their job while the rest of the business lacks access to the very tools that encourage collaboration and drive productivity.Today, CISOs have legitimate concerns when it comes to cloud-based tools. After scanning more than 5 million Google Drive files, we discovered 40% contained potentially sensitive data, customer PII, security credentials, and confidential company information. But security teams need more flexible options than zero-tolerance policies that restrict the use of SaaS work apps. CISOs need security products that align with the company’s overarching goals instead of establishing rigid policies that automatically pit the security team against the rest of the organization. This often makes security leaders the bad guys when they’re simply trying to protect the business.But how do security teams even begin to protect the company’s most sensitive data when so many SaaS applications open the door to serious cybersecurity risks?Find common ground between the security team and everyone else Most employees are not acting on malicious intent. In the same way that security teams are not on a mission to stifle productivity and collaboration, employees outside of the security team do not set out to purposely share sensitive company data with bad actors. In fact, many don’t even realize they have uploaded vulnerable information. And yet credit card numbers, personally identifiable information, and login credentials are often stored in popular work management apps without the offending employee realizing what they’ve done.It helps to remember that most colleagues are trying to achieve ambitious goals to move the business forward. They want tools that let them get their work done faster and with better results. They are not looking to expose sensitive data that puts the entire organization at risk – they just want to do their job. For a cybersecurity program to operate successfully, it’s imperative that the security team and the business units it supports trust each other. Both sides need to realize that the best results happen when they act as allies and not adversaries. This requires having open, transparent conversations about cybersecurity initiatives and the policies in place to keep everyone safe.Companies also need to implement security products that allow for more flexible cybersecurity policies. This doesn’t mean adopting an “anything goes” mindset and allowing employees to download work apps without proper guardrails in place. Fortunately, there are effective options available that allow for common ground between security teams and their counterparts.
Cloud Security, Data Security
Bad guys no longer: Here’s how to keep data secure without restricting SaaS apps

Today’s columnist, Rich Vibert of Metomic, offers a strategy for CISOs to keep data secure yet unleash the power of SaaS apps. (Stock Photo, Getty Images)
An In-Depth Guide to Cloud Security
Get essential knowledge and practical strategies to fortify your cloud security.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds