A recent survey done by 2nd Watch found that more than 90 percent of business units in companies surveyed were using cloud services to conduct business. Some use it a lot; some use it less, but all are using it.
Ideally, they are getting their cloud services through the IT department. This allows the company to ensure availability, reliability, and security for the entire company. Unfortunately, this is not always the case. IT departments are hindered by aging infrastructure, tight budgets, and the inability to provision resources at a moment's notice.
Shadow IT Emerges
When IT cannot provision resources fast enough for other departments, they will do it themselves. The growth of "shadow IT" is staggering. The same 2nd Watch survey found that more than 60 percent of business units using cloud services were bypassing IT completely to do so.
Shadow IT services may solve immediate problems for business units, but it causes many other problems for the company. Consider these:
- It can increase costs for IT services since each business unit is doing its own thing. The company cannot leverage discounts by using a central provider.
- Each department is developing its own island of data that is inaccessible to the rest of the company.
- Linking the company's IT infrastructure to unknown cloud services brings added security risks to the entire company.
Those are just a few reasons why it is imperative for companies to control shadow IT, but how can that happen?
Taking Control of Shadow IT
Most IT departments cannot respond fast enough to handle business units' IT needs . That is what causes those units to bypass IT in the first place. What IT departments can do is to put a framework of governance and compliance in place, then to build a catalog of options for their business units.
The framework for governance and compliance sets out rules for business units that want to use cloud services. It outlines the acceptable architectures, and the minimum guidelines for reliability, availability, and security. This will not prevent the business units from procuring shadow IT in the cloud, but it will help protect the company from unnecessary risks. Enforcement of the framework must come from the C-level executives. The CIO needs to get commitment in the boardroom and then propagate it down the ladder.
After putting the framework in place and getting some level of compliance, the next step is to build a catalog of cloud services that meet your organization's needs. When a business unit needs certain cloud services, they browse the catalog, choose the services they need, and send the request to IT. Because the infrastructure is in place, IT can quickly provision the services and get the business unit's needs met with a quick turnaround time.
Building that catalog of cloud services cannot be done overnight. However, it needs to become a priority in companies where shadow IT is a growing problem.