The ease of provisioning new cloud applications has opened the gates of IT. A wide variety of managers, sales people and others within the organization can now help themselves to IT resources. Gartner has predicted that 25% of new business applications would be written outside of the IT department this year. While this has lowered the bar for testing new ways to share and organize information, it can also lead to unexpected security, governance and management risks.
At the Consumerization of IT in the Enterprise conference (CITE) in San Francisco, enterprise architects were looking at how they could leverage these new capabilities without creating new problems. In the past, rolling out new applications was too daunting for most managers, according to Peter Christy, research director at 451 research. "In the last few years we have reached the miraculous point where you can now get all of the IT you want without the burden of competence or infrastructure. Before that you had to struggle to find machines and data centers."
This presents a mixed blessing to the enterprise, Christy explained. "It is deeply discomforting to people in IT who are wondering if their jobs are at stake. For the rest of us, it is a great world where you no longer have to buy computers or install software. This creates an intriguing world where people have alternatives. This can lead to the idea of rogue users."
Users will continue to leverage the cloud if it makes their jobs easier, regardless of official policy.
Jamie Barnett, VP of Marketing at Netskope, suggests that the value of IT should be in finding ways to say yes to new applications, while ensuring IT policies are met. But getting to this point requires a bit of ground work, depending on the maturity of your organization.
Conduct an accurate assessment
One of the first steps in dealing with the proliferation of cloud and rogue apps in the organization is recognizing that users are already accessing cloud services and, in some cases, may not even be aware of it.
Barnett said that most IT purchases will eventually be made by business managers. These rogue apps are important because people will be using them in ways that benefit the company.
The first step to enabling cloud users in the company is surveying the cloud application landscape in your organization. Services like Netskope can crawl through your enterprise IT systems to discover rogue apps being used. A recent survey of cloud readiness from hundreds of thousands of users found that enterprises have an average of 461 active cloud applications, which is 9-10 times higher than IT management estimated.
Create a rational policy
The next step to creating a rational policy for the cloud is recognizing there are multiple ways that a new project can fail. These include security vulnerabilities, privacy leaks, management hiccups and, of course, never getting off the ground. Front line managers typically focus on the speed and ease of using a cloud service to get a new project up and running.
But in the background, these new capabilities can carry unforeseen consequences, ones the manager had not considered. 451 Research's Christy said that IT managers need to be aware of the legitimate challenges. In the early days of the cloud, many IT managers raised concerns about the security of new services. But, in many cases, the organization's existing application infrastructure is no better than cloud services in addressing these issues. You can make the same argument about why one should not use the cloud, but few organizations are putting their own infrastructure under the same microscope.
Once you have identified ways that your organization is using cloud services, it is important to educate users on best practices for reducing risk down the line. Users will continue to leverage the cloud if it makes their jobs easier, regardless of official policy. David Hoff, CTO at Cloud Sherpas, said, "There is no way IT managers can prevent the determination of a user to sign up for personal cloud services or something outside of the corporate domain. This really forces a shift in how communication needs to be done with the organization to be effective."
Managers need to be informed of the risks they create for the company when they post sensitive information to the cloud. In addition, managers need to think about account management and control. When the sole administrator for a service is sick or leaves the company, this can create problems for the rest of the team. Hoff said that giving managers a better idea of the potential problems -- while educating them on best practices to avoid them -- can help promote responsible cloud usage.
Build an enterprise cloud brokerage
Once you realize that business managers will adopt the cloud, another good practice is to help secure the network. The most secure cloud services can still be compromised if the networks used to access them are not secured as well. To address this challenge, vendors like Pertino have developed network service virtualization tools for securing connections from a distributed workforce into cloud applications.
The IT department can take the lead in building the back infrastructure and educate business users on using cloud services and secure networking infrastructure so users can make sound decisions. Todd Krautkremer, VP of Marketing at Pertino said an enterprise cloud service brokerage means that IT managers are bringing sanctioned services into a centralized portal with centralized compliance and management. In essence, IT becomes the integrator that maps new cloud capabilities into the organization's business policy.