Shining a Light on Shadow IT
To bring shadow IT under control, IT departments must accept its inevitability and find ways to manage its use.
You can’t stop the rain from falling. You can’t stop the tides from coming in and going out. You can’t stop the sun from rising in the east and setting in the west. And you can’t stop shadow IT from invading the enterprise.
This may sound defeatist, but it really isn’t. I’m not going to argue that shadow IT (SIT, as some pundits call it – the ones who haven’t taken liberties with the acronym yet, anyway) is your friend, but neither is it the barbarian at the gates of your security perimeter. Unless, of course, you allow it to be.
For those not yet in the know, shadow IT refers to data users provisioning their own IT infrastructure, either in the cloud or elsewhere, using non-approved resources. To IT, this is an egregious violation of the rules, but the fact is, as Intronis’ Ron Miller points out, it’s usually just a case of people trying to get their jobs done and frustrated at the slow pace of traditional IT provisioning or the shoddy performance of in-house applications. Nevertheless, you can’t have data careening willy-nilly all over the Internet. What can enterprise IT managers do?
One solution is to clamp down on unauthorized IT activity. This may work to some degree, but it will be rather expensive and very difficult to enforce. Technically, anyone who has ever opened an enterprise file on a mobile phone using a cloud-based file-sharing app has provisioned shadow IT. And while you're trying to prevent your employees from accessing their desired resources, your competitors are reaping the benefits of greater productivity, faster development and improved responsiveness to changing market conditions.
The only logical conclusion is not to stop shadow IT, but to manage it. CITEworld’s Matt Rosoff offered some useful tips recently. The first steps are to figure out what data and apps are too critical for open-ended cloud services and find a way to isolate and secure them. IT and business units must communicate clearly and openly regarding the whos, whats, wheres, whens, whys and hows of self-service provisioning. Moving all IT operations onto the cloud – either public, private or hybrid – goes a long way toward easing the provisioning process for users and allows for all manner of advanced encryption techniques and other measures to protect data as it leaves local infrastructure.
In order to do this, though, IT will need to adopt a more proactive stance toward business units and their functions, says Cisco’s Marlow Fenne. Get involved in their project planning processes as early as possible and offer credible solutions to enable people to meet their goals. At the same time, impress upon users that things like compliance, interoperability, and infrastructure management and control still matter and that no one benefits if the entire data ecosystem descends into anarchy.
In short, says Kachina Shaw of Enterprise Networking Planet sister site IT Business Edge, managing shadow IT should be viewed simply as part of running the business. This requires a much more nimble approach to management. Sometimes IT will need to intervene in the provisioning process. At other times, it will have to stand back. At all times, though, IT should communicate that it is ultimately responsible for the health and security of the data ecosystem, not as the heavy-handed gatekeeper of old, but as a new, more cooperative body that is here to help. And, of course, there is and will continue to be a steady stream of new platforms and technologies designed to help IT with this swirling miasma of virtual infrastructure, shared resources and dynamic data services.
Shadow IT is not your friend, nor is it your enemy. It just is. Ignoring it won’t help. Blocking it will only hobble your ability to grow and innovate. Only by engaging shadow IT can the enterprise hope to leverage it for the greatest possible advantage.
Photo courtesy of Shutterstock.
Arthur Cole covers networking and the data center for IT Business Edge. He has served as editor of numerous publications covering everything from audio/video production and distribution, multimedia and the Internet to video gaming.