Shining the lights on shadow IT in businesses

Spending on cloud, specifically SaaS, is up -- often behind IT's back. Just because IT doesn't know what's happening doesn't make shadow IT OK.

A few years ago, IT could still reasonably make the claim cloud computing was a bunch of hot air that would soon blow over. But it's getting harder to make that claim.

Spending on public cloud services certainly isn't down. Stamford, Conn.-based research firm Gartner Inc. predicts the market for public cloud computing services will swell to $207 billion by 2016, up from $109 billion today. It also predicts that in 2017, the chief marketing officer will spend more on IT than the CIO. At the top of the list of popular public cloud services are classic Software as a Service (SaaS) applications such as Salesforce.com for customer relationship management (CRM) and Workday for payroll services.

And there's an awful lot of IT happening behind IT's back: what's sometimes called "shadow IT," according to Ellen Rubin, vice president of cloud products at Terremark, a Verizon company that offers managed hosting and cloud services.

There's an awful lot of IT happening behind IT's back.

Ellen Rubin, vice president of cloud products at Terremark

"I've been in some meetings between IT and the IT people attached to a business unit, and there will be this weird discussion where the business owners try to hide the fact that they're already doing [cloud]," Rubin said.

The problem is that when business owners go around IT, they almost always forget to ask the tough questions experienced IT pros would ask a cloud provider: What are your uptime statistics? How do you achieve redundancy? How do you ensure security? What is your service-level agreement? Is running this workload in the cloud actually cheaper in the long run?

Failing to ask those tough questions up front has resulted in some well-publicized public cloud failures, such as the Los Angeles Police Department's move to partially pull the plug on a proposed Google Gmail deployment because of security concerns, or Web-based services going down because of an outage at a cloud provider.

In June, Amazon Web Services (AWS) -- arguably the current top player for cloud developers -- infamously suffered from a power outage at one of its data centers followed by a bug in its Elastic Load Balancing service that caused some customers to be down for up to six hours. Some AWS customers begrudgingly acknowledged their role in the downtime.

"I think we found areas of the app that we thought we had engineered better for failure [but] we hadn't," said Jim O'Neill, CIO of the hosted marketing software provider HubSpot, in a previous story about Amazon outages on SearchCloudComputing.com.

"It's easy for me to get mad at [Amazon]," he said, "but the truth is, our apps should have been built better."

IT resigned to its cloud fate

Perhaps shadow IT isn't really as under the covers as its name suggests. A recent survey by security research firm Ponemon Institute suggests that enterprise IT knows that public cloud has infiltrated the organization -- but that it's none too happy about it.

Just under half of the 4,000-plus respondents to the Ponemon survey said they already transfer sensitive or confidential data to external cloud services, and another third will follow suit in the next two years. At first glance, that suggests that IT has put aside most, if not all, compunctions it may have had about cloud security.

More on shadow IT

IT pros bypass management to create AWS cloud apps

Controlling shadow IT and identity management

Coming to grips with shadow IT in the self-service technology era

But dig a little deeper and the picture gets hazy. Of those already putting sensitive data in the cloud, a full 39% said doing so has decreased their security posture. Sixty-three percent admitted to not fully understanding what the cloud provider is doing to secure data; a shocking 35% hand over their encryption keys to their cloud providers.

"There is a lot more data being transferred to the cloud than I would have expected, and I was surprised by the lack of confidence enterprises have in the cloud," said Richard Moulds, vice president of strategy at Thales e-Security, which sponsored the survey.

"The only thing I can think of is that people are doing this because the economic benefits are so strong," Moulds said.

Alex Barrett is senior executive editor for TechTarget's Data Center and Virtualization media group, with editorial oversight of SearchDataCenter.com, SearchServerVirtualization.com and SearchVMware.com.

This was first published in November 2012

Dig deeper on Software as a Service and cloud computing

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

1 comment

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchServerVirtualization

SearchVMware

SearchVirtualDesktop

SearchAWS

SearchDataCenter

SearchWindowsServer

SearchSOA

SearchCRM

Close