Virtualization Technology News and Information
Grip Security 2023 Predictions: Business-led IT Becomes Mainstream


Industry executives and experts share their predictions for 2023.  Read them in this 15th annual series exclusive.

Business-led IT Becomes Mainstream

By Lior Yaari, Co-founder and CEO, Grip Security

SaaS has become the de facto method of acquiring software and tools across every industry. Though many companies still rely on internally developed apps, anything new is usually acquired as a SaaS app or leverages SaaS in some way whether it is for integrations, automation, analytics, or storage. What is remarkable about SaaS is that it has enabled people outside of IT to become their own CIOs. They no longer need to rely on a technical expert to identify, install and manage the apps they need to get their job done. All they need is an email address to create an account.

Business-led IT is the term that is used to describe the trend of decentralized technology acquisition. Though it encompasses hardware and software, the vast majority of business-led IT is SaaS and even most hardware today has a SaaS component to it. SaaS has changed the IT landscape for good.

The trend will continue into 2023 and even accelerate as more SaaS apps are created and become available. Five predictions based on this trend are discussed in more detail below. One interesting data point is that enterprises see a 60% turnover of SaaS apps over a two-year period. What that means is that people rotate their apps and adopt new ones as better apps become available. This is completely logical given one of the values of SaaS is to reduce switching costs for the company. There may be some data migration issues, but there is no hardware or infrastructure to upgrade or change. All that is needed is an email address.

Shadow IT Goes from a Negative to a Positive

Shadow IT, meaning hardware, software, or services acquired outside of the ownership or control of IT, has long had a negative connotation. For SaaS specifically, the term "unsanctioned apps" is sometimes used to describe SaaS used without IT approval. However, times have changed and the taboo of using technology that is useful, but not officially approved, has largely diminished. This and the industry rebranding of shadow IT to business-led IT will result in people focusing on the positives of empowering employees to use the best technology they need to do their jobs: productivity, job satisfaction, reduced time to market, faster reactions to changing market conditions.

90% of Employees Will Use Unsanctioned Apps

This prediction may seem outrageous to many, but if you look at where we are starting from, 90% is quite reasonable. Microsoft estimates that 80% of employees already use non-sanctioned apps, which is consistent with what we have seen when working with companies. Multiple discovery methods exist to detect unsanctioned SaaS app usage, and the challenge is to determine what risk these apps pose to the company and the proper remediation, which can include (but is not limited to) shutting down the account, blocking access, or adding to SSO. As more apps become available, this number is likely to increase to 90% or even higher.

Business-led IT Spend Increases to over 50%

Most CIOs will readily acknowledge that technology spending occurs outside of the formal IT budget. In many companies, functions such as sales and marketing now have specific budget line items for SaaS subscriptions. IT is aware of some of the purchases, but many are purchased and expensed. A Gartner analysis found that business-led IT spend averages up to 36% of the total formal IT budget already. As companies become more disciplined and focus on detecting and managing business-led IT, they will discover that there are many apps that IT never knew about. Through a combination of more apps being used and IT discovering app purchases that were previously untracked, companies could see business-led IT reach 50% of the total IT budget.

SaaS Security Breaches Will Become Worse

Cybersecurity is always top of mind for companies today. 2022 included several high-profile SaaS security breaches that made major headlines. These breaches include hackers using the communication app Slack to break into EA Games, hackers gaining unauthorized access to the password manager company LastPass's development environment, and 0ktapus targeting identity security company Okta's customers to gain access to internal systems. Uber was also breached, and the hacker had access to internal accounts and systems. As business-led IT gains momentum, companies will start to use more SaaS, which means the attack surface for hackers will increase. Inevitably, 2023 will have a SaaS security breach whose damage surpasses what we saw in 2022.

Companies Will Implement a SaaS Security Architectural Layer

SaaS security is one of the hottest categories in cybersecurity and it was one of the biggest categories funded by venture capital firms in 2022. There is no shortage of problems to be solved by the explosion of SaaS usage and the security challenges it has created for companies. The good news is that companies are evaluating their SaaS security strategy and actively investing in modern technology. The problem is that today, most solutions only solve a part of the problem, and a holistic SaaS security framework is required. The Cloud Security Alliance's recent guide "SaaS Governance Best Practices for Cloud Customers" points out that the nature of SaaS requires a different approach. Companies will start designing their security architectures with a specific layer that focuses on the unique governance requirements of SaaS that are not fulfilled by existing solutions today.


SaaS has transformed enterprise IT in a positive way and there are no doubts about the benefits of using SaaS. It allows companies to respond to market conditions more quickly, increases employee productivity and improves job satisfaction. Companies will need to adapt to embrace the employee CIO, and the ones that can implement effective SaaS security programs will see business benefits far greater than what they invested.




Lior Yaari is the Co-founder and CEO of Grip Security. Lior has significant experience in the cybersecurity domain as the former CTO of YL Ventures, a leading cybersecurity VC, and as the former Chief of Cyber Training in an elite intelligence unit of the Israel Defense Forces. Among his previous positions, Lior was a Vulnerability Researcher and Project Lead at Cymotive, an automotive cybersecurity company, and co-founded Imperium Security, an embedded devices Secure Development Life Cycle (eSDLC) company.  

Published Thursday, October 20, 2022 7:31 AM by David Marshall