Shadow IT – it’s a growing challenge faced by CIOs, IT departments and organizations alike and presents itself when individuals or workgroups decide to adopt non-approved public cloud services and applications outside of the management (and often knowledge) of IT.
Now, if you’re one of the employees who have used and shared content over Dropbox, Google Drive, or one of the many other cloud applications available today, it’s likely you’re reading this and saying, “[Insert application here] improves my day-to-day productivity and makes it easier for me to communication with colleagues and clients.” While this may be true, it’s important to understand that non-approved software and services not only add to the workload of IT departments, they add increased security and financial burdens as well.
To explore this burden further, PricewaterhousCoopers (PwC) recently released a study that found between 15 and 30 percent of IT expenditures took place outside of the official IT budget. Moreover, half of the surveyed IT managers estimated that 50 percent of their budget is being allocated to managing shadow IT. That’s a problem. As the PwC report mentions and Jaikumar Vijayan highlights in his Computerworld article, “[Shadow IT] is a potentially pervasive gateway to new and unknown risks, spiraling growth of operation cost, and potential increase in redundancies.”
Luckily for CIO and IT managers, who are most often tasked with monitoring, managing and eliminating these non-approved cloud services, there are tactics that can be implemented that both address employees’ needs and secure company’s valuable assets:
- Conduct an automated and manual discovery sweep to uncover all of the non-approved cloud services currently being used within your organization. Remember, this number is likely more than you expect. As a report by Netskope revealed, enterprise employees run an average of 397 cloud applications, but IT professionals estimate that the number of apps operating across their enterprises is only 40 to 50.
- Communicate with employees to ensure the cloud applications that best fit their needs and make them more efficient, effective workers are supported by the IT department. This is a key step in managing shadow IT. While it’s inevitable that employees and guests will continue to bring unapproved, unsecure applications and cloud services to your network, by creating a balance between employee happiness and IT control, you can encourage a more productive organization.
- Implement solutions that reduce shadow IT, and reestablish IT control of the network and overall enterprise security. The goal should not to be to halt every application installation (unless of course, your enterprise operates in a high-security industry or must meet compliance regulations). It should be to focus on predictability, visibility and control, which will make it easier to manage the continued growth and traffic on your network.
Does your organization struggle to manage shadow IT? If so, drop us a line to see how Markley Group’s services can help. To learn more about shadow IT, check out the Q&A that Patrick Gilmore, Markley Group CTO, completed for Data Center Journal about cloud computing, including how companies can protect against shadow IT (or what we like to call, BYOC,) some of the worst-case security scenarios for companies that don’t implement cloud application policies, and overall cloud trends.