Skip to main content

Taking back control: how to defeat the perilous spectre of shadow IT

4. Security of data

In a well-managed development process, extensive testing against a variety of data is mandatory. However it can be hard to generate realistic data so developers often use production data and anonymise it in some way. Keeping the test data in a controlled environment and knowing where it is, is essential to keeping it secure. Any breaches via a public cloud application can have a detrimental effect on reputation and future operations.

5. Staff turnover

When employees have created their own public cloud accounts which hold test or production systems, this presents a huge business risk when those employees leave. Under normal circumstances, IT departments liaise with HR to revoke system access, return laptops and mobile phones, to minimise risk to data or systems. When that data and systems are outside of the company's direct control, however, there may be access issues for the business.

6. New systems rollout

Systems that are being tested or trialled by users in public cloud environments can become production systems almost without a formal rollout. This has implications for SLAs and with a history of long outages for some key providers, this may impact internal and external customers. One way to keep test and development systems "sandboxed" and away from production users is to keep them on a separate network.

7. Security of IP

When developers use public cloud services such as Pastebin, Github, RubyForge and StackOverflow to share code with each other, there is a risk to your intellectual property. This challenge can be partly met by having control over which templates can be used and providing your teams with a viable alternative by selecting appropriate software, building a template and making it available as a shared template in your application library.

8. Cost control

Over the last few years, availability of cloud computing has meant that the normal IT approval and procurement process is often shortened. A need is identified and cloud resources are purchased, often on company or personal credit cards, and then expensed. Sometimes free trial accounts are used which shortens the process even more.

This results in confusion, wasted time trying to figure out the process, and spiralling costs. By conducting a review of expense claims to look for cloud services, enterprises can get a good idea of the scale of spending.

9. Getting locked into the cloud

It may seem counterintuitive that the public cloud can lock you in. With many cloud providers, you can't export your VM image or even "clones" of those images in private template libraries. Selecting your cloud provider based on your future need means that planning is essential, and the shadow IT approach clearly bypasses that vital step.

Hybrid is the answer

Enterprises can mitigate the challenges highlighted above by adopting a hybrid cloud architecture. This provides more flexibility, while also being structured and secure, maintaining control and assuring data governance.

As enterprise IT evaluates the best technical approach for hybrid IT management, it's vitally important that the speed, flexibility and agility drawing end users to public clouds in the first place be preserved in the hybrid model.

The most successful models involve enterprise IT as a service provider for public cloud resources, delivering effective on boarding, training, management tools and guidance to the business units who want to take advantage of public cloud services. If end users feel that these new IT processes are heavy-handed and restrictive, the IT department will be ignored or rejected altogether – driving shadow IT deeper underground.

  • Ian Finlay is Vice President at Abiquo