The advent of software-as-a-service (SaaS) computing options led to the rise of shadow IT, which has allowed individuals to make their own decisions about what applications met the needs of their departments. The practice has morphed to a somewhat more controlled version in which departments still exercise relative autonomy because they control their own IT budgets. Without adequate oversight and control, however, they can open channels for possible data breaches. Attaining an adequate level of assurance on the security of applications is the new mandate for CIOs as data centers move away from internal to cloud-based systems.”]