By Corey Nachreiner, CTO of WatchGuard.
The rise in use of external cloud-based services without the knowledge or approval of the IT department is a growing cause for concern among CIOs. Gartner now predicts that technology spending outside IT will reach 90 percent of the total budget by the end of the decade.
Rather than try to fight the tide, Gartner suggests IT should outline when it is appropriate for business units and individuals to use their own technology solutions. But a lack of centralised control is a scary model for leadership and IT.
Imagine the following scenario. Each department in your company is utilising its own file sharing service without IT’s permission; Dropbox, Google Drive, Box, etc. Because these cloud applications rely on external servers and networks beyond your control, they aren’t beholden to traditional management, monitoring and security tools. Thus, they could open the company up to a wealth of external security and compliance issues. More importantly, the IT department is in the dark which means they are virtually helpless when it comes to monitoring and mitigating any problems.
Given that shadow IT and cloud services will continue to grow in popularity, it is crucial businesses consider the following tips when looking to keep a light on shadow IT:
- Understand each department’s needs. When employees do setup external shadow IT services, it’s usually to better perform their responsibilities at work. You need to find out why they skipped you. If you have a more modern security appliance with good reporting and visibility tools, you can use them to help discover why and when an unapproved service was introduced.
- Give clear guidelines. If you haven’t told your employees how to go about requesting a new IT service, or what the policy is on using external SaaS services, people will almost certainly use them without asking for support or permission.
- Be proactive. If you regularly approach the various departments in your organisations to make sure they have the IT services they need, it will encourage them to come to you when they need something, rather than viewing you as a roadblock.
- Pick your battles. Some SaaS offers deal with data that may be less sensitive or risky for your company. Other cloud services can actually be the most secure option, as long as IT can manage and monitor the data being shared within the cloud. In these cases, it may be best to let it go and reserve efforts for high-risk, high-priority circumstances.