Standardizing Shadow IT

When employees face restrictions at the work environments, they could potentially turn into workarounds, hacks, quick fixes, or any backdoor entries what they find it necessary to perform their business functions effectively. These solutions are part of important source of innovation but what it lacks is the organization’s requirements for control, reporting, documentation, security, and reliability. Hence bringing uncertain and significant risk – these are called as “Shadow IT” that also goes by the name “Stealth IT” or “Rogue IT” to describe solutions that are not specified and deployed by the IT department.

Examples of these Shadow IT solutions range from use of online messaging, webmail, cloud storage, or external cloud computing platforms. IDC 2013 US Cloud Security Survey says that 72% of organizations saw at least one incident of unauthorized use of cloud computing and 45% of IT organizations had at least one instance of unauthorized IP upload to cloud service. The reasons for Shadow IT consumption are:

  • Lack of internal process clarity
  • Lack of control over provisioning of services
  • Ignorance of general industry standards and security best practices
  • Expanding business that requires BYOD, Internet of Things, and Big Data
  • Quicker response time
  • IT budget of the organization

Shadow IT provides the business units with speed and efficiency at cheaper costs and thus become the breeding grounds for innovation. While paving way for innovation in organization, there are risks associated with business units driven towards Shadow IT solutions. Potential risks include:

  • Data loss / leaks
  • Intellectual property and applications moving out of organization’s firewall and across geographies
  • Security vulnerabilities
  • Lack of regulatory standards and governance
  • Legal liabilities
  • Making of “silos” and thereby lack interoperability with other data/applications

It is not easy to shut down or ignore Shadow IT as the user will find innovative hacks for security restrictions that are considered “necessary to run business” to them. Organizations with highly valuable or sensitive data or intellectual property are the logical targets of economically or strategically motivated attackers. Vertical industries such as government, banking, financial services, energy, defense, retail, technology, manufacturing, healthcare, and others are ideal targets for these attacks. At the same time, Shadow IT brings agility and lower operational costs that cannot be overlooked by CIOs. It is quite possible to regulate Shadow IT and make it legit.

  • To avoid public cloud storage, Syncplicity comes to the rescue as the leader in enterprise file sync and sharing
  • Build your own private cloud with core EMC Cloud Portfolio (VMAX, VCE, VNX) and offer IT as a Service to business units
  • If public cloud offerings cannot be ignored, control and regulate with EMC Hybrid Cloud
This entry was posted in Cloud and tagged , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s