Taking back control: how to defeat the perilous spectre of shadow IT

How the cloud can solve shadow IT woes

Despite its name, the business challenges of shadow IT have emerged from the darkness in recent years and are now firmly in the spotlight. With PwC estimating that shadow IT accounts for between 15% to 30% of IT spending outside of the IT enterprise budget, it not only presents a real blind spot for enterprises, but has a significant impact upon the security and integrity of company information, and in turn, customer confidence.

IT departments no longer have control over all IT solutions implemented within the organisation, with many taking the approach of trying to lock down their infrastructures to prevent shadow IT purchases from occurring.

The balance however has been tipped too far and by bringing it out of the shadows and into plain sight, enterprise IT Directors will be able to regain control and ensure their entire infrastructure – wherever it is – is transparent and compliant.

The rise of shadow IT

In its simplest sense, shadow IT has been facilitated by the availability of public cloud services and the ease with which every single employee has the potential to act independently from the IT department and consume cloud infrastructure, business applications and utility software either via a free trial or paid for by their credit card.

Use of such services, and their costs, have not been approved by those that hold the purse strings and so easily slip under the radar with huge implications for information security and customer confidence, should data become lost or compromised. With Gartner predicting that by 2016, 35% of enterprise IT expenditure will go to shadow IT resources, the scale of the problem is clear to see.

Understanding the challenges

Instead of burying their heads in the sand, enterprises need to understand that shadow IT is here to stay, giving their business agility and speed. So rather than the traditional approach of 'shut it down', CIOs should instead focus on future-proofing their organisation by embracing shadow IT, and offering access to flexible, on-demand resources with a hybrid cloud portal.

This gives employees the flexibility they desire, but in a structured and secure manner, providing CIOs with the opportunity to regain control over the entire IT environment.

The following nine points outline the key challenges that shadow IT presents and how a hybrid cloud architecture, supported by a comprehensive cloud management platform, can provide CIOs and IT departments with the most viable solution to their existing and emerging IT woes.

1. Meeting data protection and privacy needs

Customers need to know where their data is held and when handing it over, expect the holder to be compliant with the appropriate data protection legislations. The unintentional exporting of data via unauthorised shadow IT applications can impact upon a provider's reputation and credibility.

By adopting a hybrid cloud infrastructure, enterprises can mitigate this risk by providing flexibility and options for each business unit to select a provider of choice – whether via public or private cloud – which can be managed centrally for no nasty surprises.

2. Auditing and compliance

Most businesses require their partners to meet industry standards and will conduct an audit of their IT environment to ensure compliance. Shadow IT applications add a layer of complexity into this process if more formal compliance audits need to happen. By bringing all cloud services under one management layer, enterprises can support compliance needs by providing full event logs.

3. Viruses and backdoors

Public cloud services often come with a huge library of templates for virtual machines, which sounds great in practice, but can be a risky option as some will have backdoor access, Trojan horse software, fail to identify viruses or create insecure default configurations. Users of these templates could unwittingly be putting their data and platform security at risk, which can cause problems for future upgrades and application performance.