Beware of Shadow IT in the Data Center

Posted on April 11, 2017 by Sarah Higgins

In the past, the phrase “Shadow IT” has been used by IT experts and industry pundits to describe the practice where rogue groups of employees have decided to set up their own Wi-Fi networks in the office, or to purchase some cloud computing for their specific team or project, doing so outside of the company-approved technologies and processes. The dangers of this type of action were obvious – Shadow IT created massive possibilities for security issues and data breaches, not to mention simply creating the potential for network conflicts and bandwidth strains.

Many companies were able to, for the most part, weed these negative practices out of their organizations through a combination of discovery, improved security and enhanced cloud and connection services being rolled pout company-wide, eliminating the need for employees to go outside company policy to succeed.

Now, however, Shadow IT has reared its ugly head again. In recent articles in Dark Reading and Data Center Journal we have seen this term introduced again – but this time they’re referring to rogue technology being inserted into data centers themselves. This ups the ante beyond a router being somewhere it shouldn’t.

This Shadow IT is in the form of separate servers, databases and the like. The goal is never to do something nefarious – Shadow IT more often than not starts out as employees trying to figure out a way to do their jobs better, faster and smarter. But regardless of good intentions, that cannot be allowed. There are very good reasons – from security to compliance and everything in between – that companies have policies in place. And by inserting (or allowing) gear into a data center that is unapproved and may not have the proper security protocols in place, your company is being opened up to the risk of an even more catastrophic breach or attack.

So what can you do to solve this problem – or prevent it from becoming one? Here’s a few tips:

  • Conduct a Sweep: Make sure you know what’s in your data center. Use an automated tool and your manual skills to make sure there’s nothing hidden.
  • Don’t Turn a Blind Eye: Sure, they might be your friends and assure you that they’ve applied all of the company security policies to their side-server, but who’s head will be on the line if a breach occurs – and Shadow IT in your data center is the reason? If you know it’s there – or have just discovered it – you have to act.
  • Recognize the Reasons for It: Shadow IT doesn’t just happen because employees were bored or dared one another to install something. There’s always a business reason. Are the current policies and procedures failing some employees? Are some teams unable to work?
  • Work With, Not Against Employees: Strike a balance. What needs to change in the company policies to allow these employees – who obviously care about the company – to succeed within the rules?
  • Consider a Different Data Center Arrangement: No matter what setup you were using before discovering the Shadow IT – there was obviously a hole in the system that allowed the rogue elements to sneak in. Learn from that. If you’re managing your data center privately, perhaps it’s time to partner with a vendor – one who’s responsibility would be ensuring that security and compliance protocols are applicable across the entire data center, and who would immediately prevent Shadow IT from ever happening. 

Are you looking for help in preventing Shadow IT in your data center? Found some, but not sure where to start? Give us a call at 617-451-6464, or email us anytime at info@markleygroup.com and we’d be happy to help you see how a partner like Markley Group may be the way to go.