Shadow IT, the use of applications and services without the approval of IT has always been a problem for organizations.
While it helps business units and workgroups effectively achieve various short-term goals, it greatly undermines the long-term stability of organizations by creating serious security risks that often go unnoticed until it’s too late. Gartner, a leading research and advisory company estimates that one-third of security breaches will be caused by shadow IT by 2020, and the rise of cloud services is largely responsible for this bleak outlook.
According to Skyhigh Networks, a leading provider of cloud access security broker (CASB) technology that was acquired last year by global computer security software company McAfee, the average organization now uses staggering 1,427 cloud services, an increase of 23.7 percent over the same quarter the previous year. What’s worst, only 10 percent are known to IT.
These numbers illustrate a growing tendency of business units and workgroups to sign up for cloud services without approval from the IT department. In the world where various ready-made solutions are available with the click of a button, users are less willing to wait for IT decision and business decision makers to get things moving.
“The culture of consumerization within the enterprise—having what you want, when you want it, the way you want it, and at the price you want it—coupled with aging technologies and outdated IT models, has propelled cloud computing into favor with business units and individual users,” says PwC in a report.
This new form of shadow IT is extremely hard to control, and IT departments that decide to fight it often end up playing a game of whack-a-mole, wasting time, money, and energy without accomplishing anything meaningful at all.
“Suddenly, shadow cloud is a potentially pervasive gateway to new and unknown risks, spiraling growth of operating costs, and potential increase in redundancies,” the PwC report says. “It is harder to find, because it is being procured at small cost and is no longer operating within the bounds of the company,” adds Cara Beston, cloud risk assurance leader at PwC.
Unfortunately, fully embracing shadow IT is not a viable option as well because the associated security risks, which include increased risk of data loss and data breach, inefficiencies, compliance issues, lack of accountability, and poor data visibility.
Gartner instead recommends that organizations “develop an enterprise-wide data security governance program. Identify data security policy gaps, develop a roadmap to address the issues and seek cyber-insurance when appropriate” to prevent data breaches from public clouds.
To efficiently manage the growing IT needs of business units and workgroups, organizations will have to rethink the role of their IT departments. For many small and mid-sized organizations, this will mean partnering with a provider of managed IT and Security services such as Vology.
A managed IT and Security services provider can take care of the big picture of cloud adoption, allowing in-house IT staff to respond to requests from business units and workgroups in an agile manner, aligning the needs of individuals working on different projects within the larger needs of the whole organization.
The reemerging shadow IT requires organizations to rethink the roles of their IT departments and position themselves to take full advantage of modern cloud solutions without willingly accepting the dangers that arise from their improper implementations. For small and mid-sized organizations that lack the resources to manage increasingly complex IT infrastructures, a partnership with a provider of managed IT and Security services such as Vology can be an excellent shortcut to cloud success.