Research from Cisco finds that, on average, CIOs estimate their organization is using only 51 cloud services, while the actual number is closer to 730. That means your IT department – the people who plan your technology roadmap and manage your data, technology and applications to ensure optimal uptime, performance, security and compliance – is managing less than 10 percent of your cloud footprint. The remaining 90 percent runs under-the-radar. Known as “Shadow IT,” it’s creating big risks for enterprises.
Shadow IT is more broadly defined as any technology used inside an organization without IT’s approval or even knowledge. Often, it’s the result of business units looking to adopt new cloud services but unwilling to wait for IT to completely vet, test, approve and implement them. These business units set aside budget for the (usually) reasonable monthly subscription rate, scan the corporate credit card and get to work. Unfortunately, while they are quickly up and running, they may be exposing your organization to:
- Data loss: Shadow IT means there could be corporate data residing outside typical controls designed to ensure security and compliance. While public cloud providers talk a good security game, they still have a ways to go when it comes to providing visibility and transparency into their controls. In fact, fewer than 13 percent of IT decision-makers say they trust the public cloud to secure highly-sensitive data.
- Increased costs: With no centralized control or management over which cloud applications are used, or when, many organizations find employees using (and paying for) competing and sometimes overlapping services. Why pay multiple subscriptions for services like Dropbox and Box when a managed corporate subscription provides the same functionality for far less?
With the risks mounting, organizations can no longer ignore Shadow IT, but neither can they simply forbid it. To embrace Shadow IT, a subtler, service-oriented approach is required in order to:
- Know your usage: The first step is to discover and identify unknown cloud services so you can better plan usage and control data loss. Tools like cloud access security brokers (CASBs), web application firewalls, or data loss prevention (DLP) can help. Another option that can help you really understand the cloud usage at your business is to perform a Cloud Consumption Assessment.
- Streamline IT processes: Does every request need to go through a 40-point vetting process? Find ways to fast-track cloud applications/services so your users will want to start with IT first and not as a last resort.
- Become pro-cloud: Instead of avoiding the cloud, become the cloud expert and start helping users find the best options for their particular business needs. A good strategy here is to develop a list of sanctioned cloud services designed to address common use cases. For instance, some organizations have set up their own app store to help ensure cloud choices are secure and don’t conflict with business/IT strategy as a whole.
Managing Shadow IT is a balancing act, but by embracing change and moving toward a service-oriented approach, you can reduce its risks while protecting your core business assets — no matter where they live.