Cloud: The ultimate shadow IT

About 18 months ago I was with a customer at our headquarters for a cloud briefing. During the session a very interesting question came up. Is HP using Amazon Web Services? Sounds easy doesn’t it?

As it turned out the answer was far from easy but it was really interesting. It triggered a number of heated discussions. Indeed, the speaker responded quite candidly that he did not know, but that they had done some research. They analysed the expense management records and found a number of credit card payments to Amazon Web Services (AWS).

So, this seemed to indicate AWS was used, but for what purpose, no idea. Which data was transferred to the cloud? Where was that data located, how was that data protected? No indications were available.

This quickly led to a debate about how the company could ensure compliance if individuals used external IT services without any control mechanisms. That is what we call “shadow IT” and we have been trying to dismantle any of that for quite a while.

I can tell you the CIO suddenly became very nervous as he realised he had never even looked at this and had no idea where people in his organization stood as far as the use of public cloud..

Two main elements came up when we went a little deeper, security and compliance. This is nothing surprising actually. In a recent CIO magazine survey, when asked about cloud barriers, 67% of CIO’s highlight security concerns, way before information access concerns (41%) and information governance concerns (37%). Does this means that public clouds are not secure? No, it actually means that the lack of information and transparency on the security approaches taken by the major service providers make CIO’s very nervous.

Business people may not be aware of the security risks and compliance issues. They are often looking outside the corporation for IT resources because they feel they cannot get it fast enough within the enterprise. In doing so, they may expose the company without realizing it.

So, to avoid shadow IT, CIO’s should find ways to improve their service and provide the business with what they need. But that requires investments, and it is well known most of the IT budget goes to operations. This represents anywhere between 65 and 70%. I even found an interesting breakdown of those percentages. It only leaves a small budget available to deliver innovation and address the business needs. Hence the importance to flip the ratio. Virtualization, standardization and automation allow the reduction of the operations budget. Standardization consists not only in implementing a standardized hardware platform to maximize the efficiency of the virtual environment, but also the standardization of the processes and procedures to facilitate automation and reducing the operations staff.

So, what are you waiting for? Take a look at your employee expenses and if you see some credit card notes, start looking at what you can do to convince the business to use your environment to address their needs rather than go outside. And take a moment to educate the business on some of the cloud related risks. You may have to do that to protect the enterprise.

 

Related links:

Solve the cloud agility dilemma: How to get the agility of cloud computing, without the sprawl

Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
Search
Showing results for 
Search instead for 
Do you mean 
About the Author
Featured


Follow Us
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.