The Rise of Shadow IT

by Rog42 on 27 January 2012

Project 2012: Day 27

Car CloudShadow IT is not new of course. For as long as I’ve been in IT there have been more technical users bringing consumer products into their organisations to connect to the network. I first saw this when programming COBOL on IBM 3090’s in the late 80’s when my Systems Analyst brought her PC into the office.

Over the years individuals have brought in network hubs, rogue wireless access points, and more recently, unsupported smartphones.

Generally this happens because the individual, or the business unit, believes IT can’t provide the functionality they need as quickly, cheaply, or effectively as they can themselves. Of course even if they are right, this creates business risk that is your responsibility to contain.

Disruption

Pretty much until recently IT has been able to contain these efforts. It’s relatively easy to secure the network against rogue entry points, block protocols or websites at the gateways, and require authentication schemes that stop mobile devices from attaching to the network.

The advent of cloud means that for the first time in the industry the business can totally bypass IT. Need a CRM system, take out your Amex and subscribe to Salesforce.com; a new expenses management system: Shoeboxed.com; synched, shared storage: Dropbox.com or Box.net; and the list goes on.

Increasingly the control of IT assets will shift from IT to the business. By 2016 Gartner predicts that over 30% of IT budgets will be owned by the business. This has large implications for the CTO.

Here’s a couple of thoughts to support your IT strategy through this changing time:

  • Audit:
    • Ask the CFO to do an audit of corporate spend for IT services, specifically expenses under $5,000 on individual charge cards.
    • Ask the COO or your IT Manager to scan for cloud websites on port 80/443 – common domains include the ones above, as well as aws.amazon.com, rackspace.com, gmail.com, live.com etc.
  • Analyse:
    • Use this to map out the services the business perceives that IT can’t/won’t provide.
    • Aggregate the tangible costs to the business, as well as potential risks
  • Comunicate: Create a roadmap that:
    • Enables IT to adopt public cloud services in a cohesive (i.e. corporate negotiated rates) and secure manner, where appropriate.
    • Catalogue the Services that your organisation does provide, and whether they will shift to managed public cloud, trusted community or private cloud, or remain as on-premise services.
    • Provides a regular update to all business units about risk of specific public services, and alternatives that IT has put in place to support the business.

In summary, the first step to adapting your IT organisation remain current is to understand which IT services the business is actually using.

Tagged as: Cloud, Mobile, Shadow IT

Leave a Comment

Previous post:

Next post: