What is Shadow IT?
The term “Shadow IT” (aka “Rogue IT”) has broken from those shadows and become a mainstream phenomenon within the IT industry, but what is it?
To be clear let me state here and now two things that it most definitely is not:
- It is not security breaches by external parties (e.g. the notorious use of Gh0st Rat)
- It is not the use of the dark-web
Shadow IT starts, typically, with more innocent intentions. It is the use of IT provided from sources other than those that are provided or approved by the IT department of an organisation. It stems from the consumerisation of IT for home users, the frustration that these same users have with their work IT not providing the same level of service that they
obtain outside of work. This leads to the logical step of using that same home IT solution in the workplace. Many people will be prompted to ask “So what?”, after all it does not cost the IT department anything, nor do they have to support it. That’s a clear “win – win”.
If it were that simple then indeed it would be a win-win and it would certainly not have the name of “Shadow IT” attached to it!
With the proliferation of “free” and easy-to-use cloud solutions to address technical challenges the situation can rapidly get out of control at a rate which has never been seen before. You will not be the first, nor alone, in finding that an individual has engaged in the use of a consumer cloud solution. They may have solved their immediate problem that could not be solved to their satisfaction by the corporate IT function, but without reading all the terms and conditions in the agreement (very few people ever do) they are likely to have also:
- given up ownership of all the data that is being hosted by the cloud provider. This may mean that sensitive data, or data that forms part of a revenue generating product, is no longer within your control. The data in the consumer cloud solution now belongs to the cloud provider
- not conducted the due diligence to ensure that any data, that is required to, remains within the correct geographical area. European Data Protection directives impact where personal data may be held
With a recent survey by Frost & Sullivan suggesting that over 80% of employees use non-approved SaaS applications in their jobs, Shadow IT needs to be addressed in every organisation.
This is not a small problem either. A recent Cisco report discovered that companies are using up to 15 times more cloud services than CIOs were aware of or had authorised. Nor is a specific industry or geography exempt from the effects.
Of course all this costs money. The same report shows that the true cost of public cloud is 4 to 8 times higher than the cost from the private cloud provider.
So What Can The IT Department Do To Combat This?
A few things I can suggest are:
- Discover the frustrations of staff that are causing them to ‘go outside’ the IT department and see what you can do to
- Improve the lines of communication so staff know what systems are in place and the issues that these address
- Educate employees on the dangers of unauthorised software/apps
- Institute governance and develop a formal policy on BYOD and Shadow IT
Shadow IT is not going to disappear so it needs to be managed. It is an ever-evolving and moving creature. It changes as the trends of consumer IT change and is now an ever more mobile challenge, and BYOD further increases the challenges.
How Can We Help?
Engage ESM have been helping customers put governance around request and provisioning cloud infrastructure services using ServiceNow for a number of years. With the recently announced partnership with CliQr we now help put the same governance around the request, provision and billing of cloud apps as well. We can enable you to make your corporate IT more akin to the consumer experience that your users want.
To understand more please visit Cloud Brokerage