09/12/2014

By Ian Finlay, Vice President, Abiquo


The business challenges of shadow IT have emerged from the darkness and are now firmly in the spotlight. With PwC estimating that shadow IT accounts for between 15 and 30 per cent of IT spending outside of the IT enterprise budget, it not only presents a real blind spot for enterprises, but has a significant impact upon both the security and integrity of company information, and customer confidence.

IT departments no longer have control over all IT solutions implemented within the organisation. With many trying to lock down their infrastructures to prevent shadow IT the balance has been tipped too far. By bringing it out of the shadows and into plain sight, enterprise IT Directors will be able to regain control and ensure their entire infrastructure – wherever it is - is transparent and compliant.

The rise of shadow IT
In its simplest sense, shadow IT has been facilitated by the availability of public cloud services and the potential employees have to independently consume cloud infrastructure, business applications and utility software, either via a free trial or their credit card.

Use of such services, and their costs, easily slip under the radar with huge implications for information security and customer confidence, should data become lost or compromised. With Gartner predicting that by 2016, 35 per cent of enterprise IT expenditure will go to shadow IT resources, the scale of the problem is clear to see.

Understanding the challenges
Enterprises need to understand that shadow IT is here to stay, giving their business agility and speed. Rather than the traditional approach of ‘shut it down’, CIOs should instead focus on future proofing their organisation by embracing shadow IT. Offering access to flexible, on-demand resources with a hybrid cloud portal gives employees the flexibility they desire, but in a structured and secure manner, providing CIOs with the opportunity to regain control over the entire IT environment

The following points outline the key challenges shadow IT presents and how a hybrid cloud architecture, supported by a comprehensive cloud management platform, can provide CIOs and IT departments with the most viable solution to their existing and emerging IT woes.

1. Meeting data protection and privacy needs
Customers need to know where their data is held and expect the holder to be compliant with the appropriate data protection legislations. The unintentional exporting of data via unauthorised shadow IT applications can impact a provider’s reputation and credibility. By adopting a hybrid cloud infrastructure, enterprises can mitigate this risk by providing flexibility and options for each business unit to select a provider of choice – whether via public or private cloud - which can be managed centrally.

2. Auditing and compliance
Most businesses require their partners to meet industry standards and will conduct an audit of their IT environment to ensure compliance. Shadow IT applications however add a layer of complexity if more formal compliance audits need to happen. By bringing all cloud services under one management layer, enterprises can support compliance needs by providing full event logs.

3. Viruses and back doors
Public cloud services often come with a huge library of templates for virtual machines, which sounds great in practice, but can be a risky option. Users of these templates could unwittingly be putting their data and platform security at risk, which can cause problems for future upgrades and application performance.

4. Staff turnover
Employees that have created their own public cloud accounts present a huge business risk if they leave. Under normal circumstances, IT departments liaise with HR to revoke system access, return laptops and mobile phones, to minimise risk to data or systems. When that data and systems are outside of the company’s direct control however, there may be access issues for the business.

5. New systems roll-out
Systems that are being tested or trialled by users in public cloud environments can become production systems almost without a formal roll-out, and with a history of long outages for some key providers, this may impact internal and external customers. One way to keep test and development systems “sandboxed” and away from production users is to keep them on a separate network.

6. Cost control
Over the last few years, availability of cloud computing has meant that the normal IT approval and procurement process is often shortened. Cloud resources are purchased, often on company or personal credit cards, and then expensed, resulting in confusion, wasted time, and spiralling costs. By conducting a review of expense claims to look for cloud services, enterprises can get a good idea of the scale of spending.

7. Getting locked into the cloud
It may seem counter-intuitive that the public cloud can lock you in, however selecting your cloud provider based on your future need means that planning is essential. Shadow IT clearly bypasses this vital step.

Enterprises can mitigate these challenges by adopting a hybrid cloud architecture. This provides more control, flexibility and assures data governance whilst also being structured and secure. As enterprise IT evaluates the best technical approach for hybrid IT management, it’s vital that the speed, flexibility and agility drawing end users to public clouds is preserved in the hybrid model. The most successful models involve enterprise IT as a service provider for public cloud resources, delivering effective on boarding, training, management tools and guidance. If end users feel that these new IT processes are heavy-handed and restrictive, the IT department will be ignored or rejected altogether – driving shadow IT deeper underground.