Sometimes it seems as if the enterprise is so caught up in preparing for the future that it fails to notice what is happening in the present.
The cloud is a prime example, with most top data executives enamored by visions of limitless, federated infrastructure able to do anyone’s bidding at the touch of a few mouse clicks. In the meantime, however, few are overly concerned by the unorganized spread of data across external cloud platforms, the so-called shadow IT, despite the significant loss of control it represents.
According to CipherCloud, about 86 percent of enterprise applications are now tied to shadow IT, especially those involved in publishing, social networking and career-based functions. This should be of particular concern to the enterprise considering the increasing sophistication of mobile malware and the ongoing spate of massive data breaches. However, many organizations are not even aware of the scope of the problem: One major enterprise in the survey claimed to have only 15 file-sharing apps in use when in reality it was nearly 70.
When the specter of shadow IT first appeared some five or so years ago, the overwhelming consensus among leading experts was to embrace it rather than fight it by shutting down access to non-IT assets and applications. However, too many organizations seem to have skewed that advice to simply ignore the shadow IT problem, which is just as bad, according to SunGard’s Tim Waltermire. Instead, a proactive approach involving a reputable cloud provider or an internal private cloud is your best bet. In this way, users gain all the flexibility of cloud-based mobility and file-sharing while the enterprise maintains control and management through a secure interface.
This is easier said than done, however. As NetSkope VP Eduard Meelhuysen noted on Tech Radar recently, the first step in controlling shadow IT is to understand it, so a detailed audit of all apps and services in use by the knowledge workforce is the first order of business. Following that, you’ll need to consolidate and organize less-critical apps and establish strict policies regarding data sharing, uploading and even downloading. You will also need to extend broad visibility into the cloud, right down to the data under storage and then, only as a last resort, block apps with known vulnerabilities.
But probably the best thing the enterprise can do to combat shadow IT is formally embrace the cloud as the basis for data infrastructure, says Cloud Technology Partners’ David Linthicum. Initially, most organizations pushed back against the cloud as a threat to internal stability, which merely prompted business units to seek necessary services from the outside. Now that the cloud has taken a firm hold in the enterprise, shadow IT will diminish naturally as internal resources gain the flexibility and availability that knowledge workers require. In fact, you could argue that shadow IT is a net positive for the enterprise because it creates the impetus to shed aging, silo-based infrastructure in favor of a more flexible, dynamic environment. And ultimately, this will allow many organizations to abolish their IT cost centers entirely in order to focus resources on more profitable endeavors.
The transition to a full cloud footing, whether on public, private or hybrid infrastructure, will last a while longer, however, so the enterprise will still need to remain vigilant regarding the use of data and resources. This will invariably involve a tug-of-war between employees who are looking for the quickest and easiest way to do their jobs and IT departments tasked with enabling and securing the enterprise data environment.
The phrase “If you can’t beat them, join them” certainly applies to shadow IT, but it is incumbent upon the enterprise to join them as quickly as possible.
Arthur Cole writes about infrastructure for IT Business Edge. Cole has been covering the high-tech media and computing industries for more than 20 years, having served as editor of TV Technology, Video Technology News, Internet News and Multimedia Weekly. His contributions have appeared in Communications Today and Enterprise Networking Planet and as web content for numerous high-tech clients like TwinStrata, Carpathia and NetMagic.