According to Gartner, on average, 28 percent of IT spend occurs outside the IT department today. IT behind IT’s back, commonly called shadow IT, is primarily driven by easily available cloud services. Mobile growth and work shifting practices enables the shadow IT further with employees’ desire to work from anywhere. Shadow IT are typically services and applications that an organization’s IT department has had no role in selecting or vetting, and IT may not even be aware that these services and applications are being used within the network.
Convenience and productivity are often the drivers for adopting shadow IT. Employees deploy solutions that are not approved by their IT departments and many times, the reasoning is that going through the traditional route for approvals is too complicated or time consuming.
Even though innovation, ease of use and quick deployments are great reasons for adoption of cloud applications and services, the implications of deploying unapproved applications within the enterprise with access to enterprise network and data are enormous. An unauthorized application can be used maliciously to access the corporate network and data. This article in Network World, Five Ways Shadow IT, summarizes the risks of shadow IT especially for data security and enterprise data and compliance. In addition to the security and compliance risks, enterprise applications using shadow IT must address disaster recovery concerns.
However, even with all the risks, shadow IT is here to stay due to benefits it brings to the organization in productivity, innovation and deployment time. So, IT needs to enable the enterprise to adopt the best aspects of shadow IT while reducing the downside and risks.
IT needs to provide visibility and control of shadow IT applications to address security and disaster recovery concerns for the enterprise. Gaining visibility and control requires addressing the key requirements of those adopting shadow IT. Vetting, enabling and adopting new, easy to deploy off-the-shelf applications and services along with investments in self-service, orchestration and automation all address one of the core reasons for adopting shadow IT – complicated and time consuming provisioning.
A way to address security and disaster recovery concerns for the enterprise with shadow IT is to ensure that the security and disaster recovery systems also are included as part of IT’s self-service, orchestration and automation systems, without requiring additional effort from those driving adoption of shadow IT applications and services.
The self-service and automation initiatives along with enabling innovative cloud-based applications that adhere to enterprise security and disaster recovery policies, by enterprise IT, not only incents adoption of approved applications by those driving shadow IT but also provides the organizations the benefit of volume discounts.