Getting Ahead of Shadow IT

June 21, 2016

Michele Borovac

Enterprise IT organizations today are like jugglers—jugglers who have to keep five baby kittens in the air while balancing on a tightrope over the Grand Canyon. In all seriousness, they are expected to build and maintain a data center that can meet both the current and constantly changing needs of the business while reducing costs and, often, headcount. If they bet on the low side, they underprovision, resulting in application slowdowns, long lead times to spin up new projects and grumpy users who may take matters into their own hands. If they bet high and overprovision, they end up with a lot of blue blinky lights that sit idle and some very grumpy finance folks. For any IT organization, finding the right balance on this tightrope is critical.

With the plethora of applications and resources available in the cloud, users may find it faster to go around IT and spin up compute resources in AWS or Azure to meet their needs. In fact, the average large enterprise uses 1,220 individual public cloud services, according to Cisco. But this ‘Shadow IT’ should raise a number of serious concerns for any business. Business units hungry for immediate gratification spin up VMs in the cloud, which can create serious security and compliance issues. Applications are often not protected or backed up, or even properly licensed—it’s a rogue operation that eventually hurts both the business units and IT. Another problem arises when business units ramp up development projects in the cloud without IT engagement: As one customer said, “These projects always come home to roost,” which leaves IT managers scrambling to complete projects that were not set up according to their process.

So, how can you put the necessary controls in place to protect your company while still supporting business innovation at a pace that meets user demand?

Develop Your Policy
First, make sure your organization is clear on your policy. Are there certain cloud applications that are OK for departments to use, like Dropbox or Asana? Or, are there specific data types that you need to keep on premises for compliance reasons? If your IT organization isn’t clear on policy, you can’t expect your users to be.

Communicate
Be clear. Make your policy well known, and—like any parent with an unruly teenager—be sure that employees are clear on consequences. Protecting company data is everyone’s job. Team up with your security, compliance and governance counterparts—they can and should support your efforts.

Understand
Try to understand why business units are going around IT to begin with. Make sure you know how long it takes to provision server resources or virtual machines. If the answer is days or weeks—then no wonder your internal customers are going to AWS. Make sure that what they think is reasonable aligns with what you think is possible.

Keep Your Frenemies Closer
Many folks in IT have eyed public cloud with suspicion, concerned that they may outsource themselves out of a job. The public cloud can be a great asset—especially if your organization is hamstrung by tight budgets and slow procurement. Extending applications to the cloud can make you more agile and give you endless scalability. If business units want to use the cloud—within your policy guidelines, of course—streamline the process and help them.

In all, the public cloud is an undeniable boon to business growth and agility—learn it, embrace it, leverage it.