Shadow IT, cloud applications downloaded by employees and used without the knowledge of and outside the control and security of the enterprise IT team, now represent the majority of cloud services in use across the business landscape. It’s not easy to lure rogue application users back into the corporate network, but it can be done — and it’s essential to do so.
- Examines why shadow IT poses so many dangers to modern business.
- Explains how organizations can neutralize these threats.
- Covers what to offer your shadow IT violators: the preferable access, preferable transport and vastly preferable speed of private connectivity and SD-WAN — the most persuasive argument to bring rogues flocking back home to safe, secure control.
IT departments attempting to rein in colleagues that launch independent shadow IT initiatives have discovered that threats and punishments just don’t work. Here’s how to lure shadow IT violators back with superior services like private connectivity and SD-WAN.
Not so long ago, a Cisco study compared the average number of cloud services a corporate IT department reported in use to the average number discovered from a system scan. IT knew of just 51 out of 730, meaning there were 15 to 22 times more cloud services purchased without IT’s involvement.
This “shadow IT” problem continues to spiral out of control. Shadow IT initiatives now represent the majority of cloud services in use across the business landscape: Microsoft reports that 61 percent of cloud applications go undetected by IT, which often ends up as an unmanageable and potentially dangerous array of different services and platforms.
Companies who try to stop these shadow IT rogues have been broadly unsuccessful, but sometimes the carrot is better than the stick. This report examines why shadow IT poses so many dangers to modern business and explains how organizations can neutralize these threats by offering their shadow IT violators the preferable access, preferable transport and vastly preferable speed of private connectivity and SD-WAN — the most persuasive argument to bring rogues flocking back home to safe, secure control.
The Dangers of Shadow IT:
- “Better to beg forgiveness than to ask permission.”
- “You may have to break some glass, but get it done.”
- “Fortune favors the bold.”
All of these adages have been used to justify the actions of line-of-business (LoB) departments that grew impatient waiting for their organization’s IT team to fulfill a request and decided to go do it themselves … rules and policies be damned. Cloud computing has made it particularly easy to end-run IT and independently contract the services LoBs need; in many cases it requires little more than filling out an online form.
The risks posed by this shadow IT epidemic are many:
- Loss of Control. The IT department is tasked with assuring compliance with all corporate governance policies as well as any external ones, including simple acceptable use policy, but it’s impossible to control what you do not and cannot see. Literally anyone in the enterprise can cause legal, fiduciary or other exposure.
- Theft. By not availing themselves of corporate networks and data security, staffers leave themselves open to data theft and ransomware. Conversely, departing employees can hijack corporate customer, financial, design and other proprietary data simply by sending it to a personal cloud storage service such as Dropbox.
- Silos. One of the cardinal objectives of any IT department is to eliminate data silos and make all corporate data available to all departments under the control of strict authorization rules. An LoB that has decided to launch its own IT initiative isn’t about to share much.
- Application Sprawl. Another major IT objective is enforcement of standards to reduce training and support costs, among other values. With almost two-thirds of cloud projects being launched on their own, it’s likely that data will be strewn across Dropbox, Box, iCloud, OneDrive, G Drive and others. Nothing stands in the way of each department using different applications for everything, and consistency disappears.
- Waste. By starting their own cloud account, the LoB may fail to take advantage of corporate volume buying programs already in place. Many companies inventory cloud licenses when their user departs; these sit idle until another user requires them. By going rogue, the shadow IT LoB spends on an asset the company already owns.
- Brick Walls. Since the shadow IT culprit doesn’t want the IT department to know about their operation, they cannot obtain IT support. The alternative is to approach the cloud provider, which may lack the capability to help. Many shadow IT initiatives hit a brick wall at this point: some rogues swallow their pride and approach the IT staff for help, but any path they choose is unpleasant.
How Shadow IT Undermines Innovation
As the way in which we approach and use the cloud matures, shadow IT initiatives present even greater risks.
Many organizations are rapidly replacing ancient “waterfall” software development methodologies (which produce traditional “monolithic” applications) with nimbler microservices strategies using orchestrated containers to transport and facilitate application performance in the cloud. These IT departments are investing the time and care to build their knowledge base regarding how to best deploy, manage, secure, audit and scale application infrastructure, which is often specific to a given LoB or industry vertical.
Shadow IT operates outside these controls, however, potentially wreaking havoc on the entire network, but most certainly proceeding in an inefficient, uninformed manner. This operate-in-a-vacuum approach may be effective — and perhaps even acceptable — for initial application prototyping and proof-of-concept development. But going beyond that introduces operational concerns around how best to integrate public cloud applications into traditional infrastructures.
Consider also the impact on DevOps, which was created in response to the observation that software developers and systems operators functioned in complete ignorance of each other. This was always to their detriment, as well as to their users’. DevOps teams are learning that when operations IT organizations work in concert with development IS teams, they more rapidly come to understand how to seamlessly integrate public cloud infrastructure into the corporate governance model for application life cycle management. Again, however, shadow IT users operate outside this expanding environment, making them unable to take advantage of this new unity.
In addition, DevOps and DevOps-like teams have matured their use of automation tools as part of their strategy to facilitate the development and scaling of processes used by their various teams. Along the way they found challenges when automation implementations brought new levels of networking complexity caused by a lack of unified data models and abstractions. Connections to cloud providers over VPN or direct connections still require platform-native knowledge and skills; IT teams struggle to fully realize the benefits of automation due to the need to maintain platform-dependent expertise. Shadow IT projects only exacerbate the problem by introducing additional platforms, often for no defensible reason.
Time to Come Out of the Cold
The traditional strategies for combating shadow IT are downright draconian, ranging from seek-and-destroy purges to “make-an-example-of-them” terminations. These tactics have achieved little; mission-driven departments continue to find ways around them.
A more logical approach is appealing to what the LoB was seeking when they first decided to go rogue, and acknowledging that the LoBs themselves know best what their department requires. If IT is going to serve them while also serving the organization’s priorities, the smoothest, surest path is to stop opposing the rogues and instead learn from their frustration to help IT improve.
That path begins by offering LoBs private connectivity, which reduces bandwidth costs, eliminates latency and provides elasticity while remaining compatible with all cloud services. While emerging aggregators can provide multicloud direct fabric connectivity to all the majors, customers will still want maximum bandwidth from their own premises to the direct connection or aggregator; software-defined wide-area networking (SD-WAN) is rapidly becoming the preferable option for these resources.
Here are a few examples of how introducing private connectivity and SD-WAN can bring shadow IT offenders out of the cold:
- By offering private connectivity, the IT department provides any-to-any connectivity seamlessly enabling the user community to manage infrastructure homogeneously, while allowing IT to focus on implementing and operating security, auditing and scaling in a way that unifies traditional on-premises infrastructure with cloud infrastructure. Native support for automation platforms becomes more important as applications require simpler, more seamless integration into the organization’s automation strategy. This flexibility also makes it easy for companies to transition from legacy applications to multitier solutions.
- LoBs now have the flexibility to establish network connectivity in an any-to-any fashion. Whether connecting diverse workloads running in different clouds or connecting public cloud workloads to private data centers, they’re getting an easily accessible platform that provides true versatility for interconnecting applications.
- More and more of today’s microservice-based applications leverage multicloud capabilities. By providing access to AWS, Azure, Oracle Cloud, Google Cloud and other, more specialized cloud providers, developers can take advantage of features and capabilities that are unique to each platform.
- Everyone feels the need for speed, and your shadow IT offenders are no exception. Available transport services, especially those leveraging SD-WAN, meet that need via scalable connections ranging from 50Mbps to 10Gbps.
Not only does every project undertaken by a corporate IT department benefit from these improvements, but internal customers of IT also benefit from network infrastructure enhancements driven by the needs of software development. Insightful IT executives recognize their companies often see them as a cost center; LoBs, by definition, are profit centers. Better, faster, more resilient support for the applications and services that drive LoB operations helps win LoB influence when budget decisions are being made — and nothing is more powerful than the backing of the company’s profit engines when building a business case for new capabilities like these.
If your organization is struggling with an overabundance of shadow IT — or even if it’s not — there’s much to be gained from exploring private connectivity and SD-WAN solutions and embracing their ability to deliver the access and transport that every department and LoB finds irresistible. When shadow IT violators come back into the corporate network, you regain control, you protect budget and you eliminate the risk of silos. Even if you don’t need increased bandwidth, reduced latency and lower costs to make your departments (and C-suite executives) happy with your IT services, you’ll find these solutions keep them happy and aligned with IT’s objectives and ambitions moving forward.