Shadow IT are those solutions that are built inside organizations that do not have approval from the higher ups, or those applications that are used and deployed by departments outside of the IT department. Traditionally, shadow IT is frowned upon and is seen as something that has to be avoided and stopped. IT departments have, time and again, come out with preventative controls and policies to combat these applications, but not only does it not work in the long run, it is also a big waste of precious dollars.
But is shadow IT really that harmful as we think it is? Keep in mind that shadow IT, in this age of the cloud, includes such services as Google Apps, Box, Salesforce and Office 365. And as you can imagine, these services are really helpful. And even if these are not approved by the IT department, other departments can easily get into these services and use it. Verizon, in its State of the Market: Enterprise Cloud Report for 2014, states that you might not even need to worry about shadow IT. That is it does not really pose the big risk that it used to be. In fact, Verizon conclude that the best CIOs out there have built stronger ties with business leaders within their organizations to eradicate shadow IT.
When rogue becomes enterprise and the rise of new shadow IT
So what happens now? IT departments identify cloud applications that they can include into their enterprise SaaS portfolio. These are cloud applications that are used by a majority of your employees such as the services we have already mentioned.
But then this gives rise to a new class of shadow IT. Just imagine this. According to Adallom’s Cloud Usage Risk Report and Skyhigh Networks’ Cloud Adoption and Risk Report, a typical business uses around 831 cloud-based services, but only four primary services are used by the majority of employees in any given company. These are part of the new shadow IT.
Another big component of the new shadow IT is the applications built by third parties for platforms that are actually approved by your IT department. For example, Salesforce.com has the Salesforce AppExchange, while Google Apps has its Marketplace. So you could be using a kosher Google App service, but then goes on the marketplace to install one of the millions of applications there to use with Google Apps. It would be very difficult for IT departments to know which of these apps are being used by their employees and what security implications are there.
And the security scenarios could be unpalatable. For example, Adallom reports that there have been instances when add-ons have tricked unsuspecting uses to upload confidential data. Plus governance becomes a whole lot more complex considering that these third party applications and add-ons now have cross platform applications, such as the one you see with the Salesforce and Dropbox integration.
The cloud’s software as a service platforms can provide your businesses with better applications that can easily trump legacy applications created by the IT department, as well as cutting the wait time and the costs associated with in-house IT apps. But it comes with new security risks that you may not be aware of. Trust on Four Cornerstone to help you come up with a way to stem shadow IT. Call us at 1 (817) 377 1144.
You can also count on us when it comes to Oracle consulting in Dallas.
Photo by Adrian Snood.