Most CIOs have an inkling that employees in their enterprise have snuck a few applications past the IT department, but a new study by Cisco indicates that they are vastly underestimating the extent that unauthorized apps and services have infiltrated the network.
Consulting with CIOs and analysing network traffic in a set of large enterprises in a variety of industries, Cisco determined that the typical firm has on the order of 15 to 22 times more cloud applications running in the workplace than have been authorised by the IT department.
That level of pervasive shadow IT can create new security threats and introduce considerable waste into the enterprise, as employees in different business lines purchase duplicative services for common processes like storage and collaboration.
“If they can’t see these cloud services being consumed, they can’t see the risk that’s being incurred,” says Bob Dimicco, global leader and founder of Cisco’s cloud consumption service practice. “[If] you can’t see it, you really can’t manage it.”
And by Cisco’s tally, there is quite a bit that CIOs aren’t seeing. On average, CIOs surveyed estimated that there were 51 cloud services running within their organisation. According to Cisco’s analysis, the actual number is 730.
The lion’s share of the unauthorised cloud applications that Cisco identified fall into the categories of Software-as-a-Service or Infrastructure-as-a-Service, with platform-level applications a distant third.
Pervasive
And it cuts across sectors. Even in highly regulated industries such as healthcare and financial services, Cisco found between 17 and 20 times more cloud applications running than the IT department estimated.
“The shock to the CIO was the magnitude and the pervasiveness,” Dimicco says. “What was news here was, wow, this is happening in every industry, and in every industry the magnitude was much larger than what people expected.”
Cisco points to a confluence of factors that have led to the rise of shadow IT, which Dimicco boils down to two overarching trends – “hyper-connectivity” and what he calls “hyper-distributed clouds,” where data can reside across an interconnected set of public and private deployments.
“These are creating some unique problems for the CIO,” Dimicco says. “[T]he CIO looks at this landscape – it’s very different than what it was a couple years ago.”
Indeed, Cisco has documented a 21% increase in the volume of applications in use in the large enterprises it tracks just from the second half of 2014 to the first half of this year.
How CIOs can deal with shadow IT
So how is the CIO to respond to the surge in shadow IT? Dimicco outlines two broad options, and sees a clear choice.
On the one hand, CIOs can turn a blind eye to the problem and continue to provision cloud services as they have been, which, it seems clear enough, is not meeting the needs of end users.
Alternatively, he suggests that CIOs and other enterprise leaders rethink how their organisations approach IT on a fundamental level, and consider setting up new governance structures that would help bridge the gap between lines of business and the tech department.
“Rather than trying to stop it, I’m going to look at it and say this represents hybrid IT,” he says.
“It starts with discovering and identifying what’s being used,” Dimicco says, “and then taking that data and applying it to an informed cloud strategy so the IT organisation can be a broker.”
Dimicco notes that some organisations – including Cisco – have established something like a cloud governance board to help rein in shadow IT and ensure that end users are getting the applications and services that they need to do their job. CIOs can help that effort by setting up a catalog of approved cloud services that users can select from to speed up the provisioning process.
“It’s really clear, employees and lines of business have spoken – they want choice, they want greater speed and agility,” Dimicco says. “IT has lost control here, because organisations, lines of business are saying I can go to the Web and get an application or a service within minutes and start being productive.”
CIO.com
Subscribers 0
Fans 0
Followers 0
Followers