carloscastilla - Fotolia

Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Beyond shadow IT risks, opportunity awaits

Enterprises have a love/hate relationship with shadow IT. When it comes with risks, its presence also drives technological innovation. Find out how to make shadow IT work for your enterprise.

This article can also be found in the Premium Editorial Download: Modern Infrastructure: Not playing games: The GPU vs. CPU question gets more interesting:

Increasingly, corporate end users circumvent IT to deploy and maintain their own cloud-based software and services. The trend, termed shadow IT, is the result of a technologically savvy workforce unwilling to settle for sub-par application performance, device incompatibility or inadequate application features. For IT departments, the challenge is to better understand the draw of shadow IT and how best to provide tools that satisfy workers' appetite for productivity and performance. In the process, it will also mean jettisoning some traditional IT approaches.

Shadow IT risks in the enterprise

It's generally accepted that shadow IT is widespread across corporate environments and poses a number of hidden costs. According to Gartner, by 2020, one third of successful cyberattacks experienced by enterprises will be on their shadow IT resources. IT teams are at a distinct disadvantage when it comes to securing unsanctioned cloud services. For example, without clear IT oversight of service-level agreements, business data stored outside of a company's firewalls could be vulnerable in transit or at rest --with costly repercussions.

In addition, when lacking knowledge of new application adoption, IT departments are unable to screen for security risks or enforce the right procedures for software use. Moreover, the increased number of vulnerable access points can lead to expensive data breaches and costly malware infiltrations, threatening an entire organization.

There are also cost-related shadow IT risks. Individual cloud licenses purchased by end users with a corporate credit card are vastly more expensive than bulk, group-based services. These fees can quickly add up. In addition, since shadow IT happens in the dark, multiple departments could be wasting money through exclusive licensing that's essentially hidden from management, other departments and IT oversight.

Compliancy and regulations, particularly in finance and healthcare, represent critical areas where bypassing established protocols could harm a company. For example, in certain situations, using a fast yet unsecured FTP app would offer a quick way to relay data, but it could open up potential for a significant breach. During a crisis, a rogue implementation will leave IT teams scrambling to address myriad technical, governance and security issues.

Are there benefits to shadow IT?

Increasingly, organizations recognize the importance of adopting digital services and innovative technologies to gain a competitive edge, from mobile apps and cloud services to the internet of things. So, despite shadow IT risks, there are some potential benefits.

For example, many companies face the hurdle of convincing resistant members of their workforce to adopt new technologies. Proactive end users who already engage in shadow IT are clearly committed to embracing cloud computing innovations. They understand the clear advantage of using cloud tools.

In addition, shadow IT helps to vastly reduce the typical yearlong requirement cycles of department-managed software services. Gone are the traditional, time-consuming processes of budget requests, assigning an IT resource, spinning up new machines and installing software.

I see shadow IT as an opportunity to educate the IT, security and compliance teams.
J.R. Santosexecutive vice president of global research at CSA

To more effectively incorporate and safeguard the adoption process, IT or security team members should be assigned to specific business units where they can learn about business needs. That's the approach encouraged by the Cloud Security Alliance (CSA), a nonprofit organization that promotes best practices.

"I see shadow IT as an opportunity to educate the IT, security and compliance teams," said J.R. Santos, executive vice president of global research at CSA. "By better understanding that process, IT can provide solutions that really meet end users' needs while also fulfilling compliance and security standards or internal IT policies," he said.

For most companies, the value of instantly scalable resources and cloud-accessible data is clear. Capitalizing on pre-existing shadow IT deployments offers one way to achieve those goals and helps to speed the trend toward increased digital enablement. To make seamless cloud adoption possible, however, IT must become both an enabling force as well as a consensus builder around organization-wide cloud use.

Embracing and managing shadow IT

Infrastructure tools can provide both visibility and optimization of cloud resources to monitor shadow IT in a comprehensive way. CloudHealth, for example, employs a combination of automated governance and budget monitoring to track cloud-based resources. The platform, from Boston-based CloudHealth Technologies, offers a set of dynamic policies to govern cloud usage and to ensure security.

"What we're seeing is a shift of IT departments to becoming more of a group for setting up policies that make sense. Then, they apply those policies and rules through a tool that everyone has access to," said Adam Abrevaya, vice president of engineering at CloudHealth Technologies.

It's become increasingly clear that battling shadow IT is costly -- and likely futile. What's more, it puts companies at a disadvantage. Instead of a laser focus on improving business processes, an already overburdened IT staff must contend with restricting cloud use instead of enabling end users. By contrast, once IT leaves behind its earlier role as simply a selector and purchaser of workplace technology, it can more efficiently support cloud computing innovations and help companies move toward increased digital services.

A cloud access security broker can assist with policies, controls and monitoring.

By putting the needs of users first, while clearly communicating shadow IT risks, administrators and their teams can attempt to manage shadow IT. Moreover, having in place an informed cloud strategy recognizes that cloud computing is fast becoming the new default model for purchasing and consuming IT services. Forging partnerships between IT and employees will help to create a culture of acceptance and protection.

In the process, IT can take on its true role as a broker for improved innovation and technologies that more effectively support an organization's business goals.

Next Steps

Bring shadow IT into the light

Minimize shadow IT risks with a security strategy

Why identity-based security fits the cloud

This was last published in February 2017

Dig Deeper on Cloud management and monitoring

PRO+

Content

Find more PRO+ content and other member only offers, here.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

What steps have you taken to reduce shadow IT risks?
Cancel

-ADS BY GOOGLE

SearchServerVirtualization

SearchVMware

SearchVirtualDesktop

SearchAWS

SearchDataCenter

SearchWindowsServer

SearchCRM

Close