
A CIO’s best allies in the fight against ‘shadow IT’ are the shadow IT vendors




The term “Shadow IT” can conjure up visions of overwhelmed CIOs frantically trying to keep information repositories secure from online attacks, while their own employees compromise security by brazenly using personal devices and consumer cloud services without IT’s permission or even IT’s knowledge.


The term can also portray IT vendors as complicit actors who enable the employees to circumvent policy, uncaring toward the CIO’s plight. But actually, the opposite appears to be true. Google’s recent announcement of new features for its Android for Work initiative is just the latest example of a vendor working to help IT regain control without limiting employees to using only approved technologies.


Taking this initiative is not just good corporate citizenship; it’s becoming a necessary business strategy, particularly for companies like Facebook that have designs on breaking into the enterprise services market.


“Shadow IT” is now a well-established phenomenon, the offspring of the broader “consumerization of IT” trend. What may still surprise even the savviest CIO is just how many employees are self-selecting applications, particularly those that are cloud-based, and how extensive the selection has become.


In February 2015, cloud security platform developer CipherCloud issued the findings of a year-long study that examined cloud usage. A couple of the more startling findings from the “Cloud Adoption and Risk Report in North America and Europe – 2014 Trends” report include:



  • Enterprises vastly underestimate the extent to which shadow IT cloud applications are used by their organizations. Eighty-six percent of the cloud applications that employees admit to using are not sanctioned by IT.

  • One major U.S. enterprise estimated that 10 to 15 file-sharing applications were in use but then discovered that number was almost 70.


Seventy applications is nothing compared to the number you will find in Skyhigh Networks’ quarterly report on cloud adoption. The company’s “Cloud Adoption and Risk Report Q4 2014” states that the average number of cloud services in use at each company in Q4 2014 grew to 897! That’s a 43 percent increase from Q4 2013. The report adds, “That number is 10 to 20 times higher than what IT executives expect; especially considering that many of these cloud services are adopted by employees acting on their own, without the knowledge of the IT department.”


Perhaps it’s not surprising, then, that the term “shadow cloud” replaces “shadow IT” in PricewaterhouseCoopers’ 2014 report “Managing the Shadow Cloud,” which states, “Shadow IT is not a new concept, but its recent increase has been dramatic. The culture of consumerization within the enterprise . . . coupled with aging technologies and outdated IT models, has propelled cloud computing into favor with business units and individual users.”


Although shadow IT may not be a foreign concept to IT departments, there remain serious risks to giving up control of the applications and services that employees use to access IT systems and to manage or share sensitive business information. Doing so undermines information security efforts, can lead to compliance violations, and can add redundant services that create inefficiencies with those already implemented and overseen by IT.


Being able to answer the question “What’s going on across my network?” is critically important, as an increasing number of data centers today have adopted a hybrid enterprise model, with one foot on-premises and one in the cloud. Networks are going hybrid too, with private multiprotocol label switching (MPLS) links for mission-critical applications and the public Internet for noncritical traffic.


The companies that not only manage all this new complexity but also leverage it to make their applications perform at their peaks will gain a competitive advantage in this new hybrid world. To achieve this, CIOs need visibility, control, and optimization across hybrid clouds and networks to ensure that all on-premises, cloud, and SaaS applications perform to the service-level agreements determined by the business. CIOs cannot achieve that level of visibility and control if they are unaware of the dozens, even hundreds, of unsanctioned cloud services and devices employees may be using on their own.


Despite these risks, I agree with those who advise CIOs against trying to regain control by the outright banning of any services except for those that IT implements.


Ojas Rege, vice president of strategy at MobileIron, sums up this view in his recent opinion piece “Why You Need to Learn to Love Shadow IT” for ITProPortal: “CIOs would be well advised to adopt a more progressive approach. Shadow IT highlights those areas in which IT is falling short of the needs of the employee. It should be viewed as a valuable asset, not as a threat. With a more progressive approach, CIOs could implement regulations that actually support shadow IT initiatives, helping them to understand employee grievances to achieve the right solutions.”


The PwC report I cited earlier, “Managing the Shadow Cloud,” provides CIOs with similar guidance, and adds that “the days of ‘big IT’ are gone, but successful IT departments will be those that work with the business to solve the organization’s most important problems. IT will move from a centralized authority to an advisor, broker, and orchestrator of business services.”


What do both of these recommendations have in common? CIOs should listen to their user communities. Shadow IT exists because people need to get work done and “official” IT isn’t responsive enough, or because it lacks the necessary tools. This drives people to find an adequate collaboration platform on their own — and they won’t care about security. Useful enterprise collaboration should be high on all IT priority lists.


Additionally, the distinction between work and non-work is quickly evaporating, and policies towards device and software capabilities should reflect this. Employees will likely reject the notion of IT controlling personal devices but will generally accept control of corporate information on those devices. Therefore, IT should look for mobile applications and management tools that offer greater flexibility.


Another key to showing employees that IT is working with and not against them is to move quickly to standardize a few services. Ideal early candidates include file-sharing and instant messaging. It’s easier to rein in data from five services than from 30, or from 20 users as opposed to 2,000. Simplify access — if it’s TLS-based (and can integrate with your corporate directory), users won’t need to connect to the VPN first. Try to make official IT as easy and responsive as shadow IT while still asserting appropriate control over corporate intellectual property.


Finally, reach out proactively to the shadow IT vendors and suggest that they work with the IT team directly rather than letting employees or individual business units implement their services on an ad hoc basis. This will not only help IT maintain control and visibility; it will help the vendor establish a more long-term and profitable relationship with the company.


We learned this lesson first-hand a few years ago, although in our case, the credit for the proactive outreach goes to the vendor. Dropbox alerted us to the fact that a number of our employees were using the cloud storage service and offered to help us establish a Dropbox for Business account. Good salesmanship, to be sure, but it also helped us create and implement policies and best practices for identifying and implementing, or at least permitting, the use of applications that employees feel can improve their productivity.


Dropbox and Google are certainly not the only examples of vendors trying to help CIOs and IT walk the line between achieving the network visibility and security they require while still permitting employees to use their preferred devices and services. BlackBerry has long offered the ability to partition its smartphones to keep personal and work applications and information separate. Apple and IBM have started rolling out made-for-business applications and supporting cloud services that incorporate IBM’s big data and analytics capabilities to iPhone and iPad users. The list is long and growing.


To me, the next wave of new shadow IT services is coming from companies working to develop communications and collaboration platforms that aim to replace, or at least augment, email. The category is growing rapidly and includes established vendors like Microsoft and Facebook, and startups such as Slack and Huddle.


I encourage these companies to work directly with companies’ IT administrators and CIOs whenever possible rather than only enabling individuals to create user accounts without the knowledge of IT. The same advice applies to IT; trying to lock out all shadow IT services is essentially tilting at windmills. Work collaboratively and often with employees, as well as with the vendors whose services a majority of employees want to use (or may have already started using), and move quickly to implement some on at least a trial basis. Keep the lines of communication open so that employees are able to provide their feedback and, just as importantly, so that you are able to explain why a specific service may not be appropriate after all, because security or compliance risks cannot be overcome.


Steve Riley is Technical Director, Office of the CTO, at Riverbed Technology.




















from VentureBeat http://ift.tt/1LGgurv
