Shadow IT isn’t anything new; it is part of human behavior and started with the first mini-computers in family homes. People will always choose the tools that help them do their jobs in the simplest and most efficient way. Unfortunately, when that means using unsanctioned technologies, well intentioned selections can have unintended and potentially dangerous consequences for the company. These can include: increased security risks, diminished productivity, and increased costs. Additionally, when users select their own cloud services, they inadvertently create silos of information that IT is not unaware of, and potentially create data compliance issues. By purchasing cloud services on an ad hoc basis, users limit the company’s ability to negotiate volume pricing.
IT leaders and other executives need to make it their responsibility to find out which cloud services are being used, and come to a mutual understanding of which cloud technologies are best for the business. Only through a clear understanding can IT leaders devise cloud strategies that benefit users—and ultimately drive business advancement. At the very least, IT leaders need to become informed brokers. Even better, they may want to establish their own cloud services and merchandize them to reduce costs and better meet user needs.
Read More »
Tags: Cloud Consumption, Executives, IT, leadership, strategy
Reducing costs remains amongst the top reasons why organizations use public cloud services. However, when calculating the costs of public cloud services organizations need to look well beyond the license fees and billed costs.
With Cisco Cloud Consumption Services, we have worked with numerous customers to discover their public cloud usage and analyze cloud spend. At Cisco Live Milan, taking place January 26-30, we are sharing public cloud spending trends with our customers. We have found that the hidden or soft costs of public cloud services can be four to eight times higher than visible costs. These soft costs fall in three areas and include business risk, network and security costs, as well as cloud operations and integration.
Read More »
Tags: Cisco Cloud Services, Cloud Consumption, Cloud Costs, Cloud Management, cloud risks, Cloud Spend, Public Cloud
As enterprise cloud use extends to public, private, and hybrid clouds, CIOs and IT leaders are realizing the need to evolve their IT business model to become enterprise cloud service brokerage (CSBs).
Cisco’s Scott Clark recently discussed the value of this new business approach for IT and highlighted that by adopting this approach IT can “provide the right private, hybrid or public cloud service, at the right time, and at the right cost.”
Most organizations are lagging behind in overhaul their business model and evolve into a CSB. Ovum came out with a report citing that only 50% of organizations participating had a cloud strategy in place and “only one-third or less of respondents said they have [cloud] governance, integration, or compliance strategies.” Read More »
Tags: Cisco Cloud Services, cloud, Cloud Consumption, Cloud Management, cloud service brokers, cloud services, Hybrid Cloud
Shadow IT is estimated to be 20-40 percent beyond the traditional IT budget. The ease by which organizations can purchase apps and services from cloud service providers (CSP) contributes significantly to this spending. This is an eye-catching number worthy of investigation—not only to identify and reduce costs, but to discover business risks. So, it is no surprise that CIOs and CFOs have started projects to identify and monitor unknown CSPs.
I often get questions from customers asking if it is possible for IT to monitor cloud service usage and discover shadow IT using existing technologies, and what the pros and cons would be.
The first CSP monitoring approach I am asked about is the use of secure web gateways. A gateway captures and categorizes incoming web traffic and blocks malicious malware. The benefit of this approach is that the gateways are typically already in place. However, there are several limitations in relying exclusively on this approach. Gateways cannot differentiate between a traditional website and a CSP which might be housing business data. They also have no way of discerning whether a given CSP poses a compliance or business risk. Most importantly, to use gateways to track CSPs, IT would need to create and maintain a database of thousands of CSPs, and create a risk profile for each CSP in order to truly understand the specific service being consumed.
The second approach I get asked about is whether organizations can use NetFlow traffic to monitor CSPs. Many customers feel that they can build scripts in a short amount of time to capture usage. Simply answered, yes this can be done. But organizations would face a similar challenge as if they were using web gateways. To capture CSP traffic using NetFlow, IT would need to develop scripts to capture every CSP (numbering in the tens of thousands). Then identify how each CSP is being used, the risk profile of the CSP to an organization, and how much the CSP costs to project overall spend. This is just the beginning. An IT department would then need to build reporting capabilities to access the information as well as continually maintain the database; and apply resources to this undertaking on a monthly basis to ensure the database was current.
The good news, Cisco has done this work for our customers! We have developed Cloud Consumption Services to help organizations identify and reduce shadow IT. Using collection tools in the network, we can discover what cloud services are being used by employees across an entire organization. Cloud Consumption includes a rich database of CSPs and can help customers identify the risk profile of each CSP being accessed, and identify an organization’s overall cloud spend.
Cisco has helped many IT organizations discover their shadow IT. For example, we worked with a large public sector customer in North America who was struggling to embrace the cloud, but were concerned about business risks. Employees were pushing for cloud services to improve productivity when 90% of Internet traffic was blocked by the organization’s policy. Despite these restrictions, 220 cloud providers were being used already and less than 1% were authorized by IT. Leveraging Cloud Consumption Services, the customer was not only able to manage risk, but also authorize future cloud services based on employee needs in a controlled manner.
It is a good practice for every IT organization to understand how employees are using cloud services and monitor usage on an on-going basis. I encourage our customers to determine which approach would work best for their organization; otherwise they may face unknown business risks and costs.
To learn more about avoiding the pitfalls of shadow IT and how you manage cloud services, please register to attend an upcoming webinar on Dec 11, 2014 at 9:00 a.m. PT.
Tags: Cisco Cloud Services, cloud, cloud concerns, Cloud Consumption, Cloud Management, cloud security, cloud services, data security, security, Shadow IT
CIOs face a scary reality. They only know about 5-10% of the cloud applications that are being used within their organization. This shadow IT is ripping holes in their security strategies. In fact, a recent Forrester study cited that 43% of respondents said they believed shadow IT practices were major threats to their respective organizations. And, as the fallout from recent high-profile attacks have shown, both IT and business leaders will face the consequences if a security breach occurs.
To help leaders uncover shadow IT, we launched Cloud Consumption Assessment Service in January. But discovering shadow IT is only the first step that organizations need to take to manage cost and risks. Moving to cloud compels customers to build in-house clouds and learn to broker services from public cloud providers.
In my last blog, I outlined the need for customers to implement a new lifecycle approach for managing cloud—one that implements the processes and tools to govern cloud services from end-to-end across public, private, and hybrid clouds. Many organizations are beginning to set up dedicated organizations to manage and govern cloud adoption. Recently, the BBC set up a group composed of IT delivery team, security architects, lawyers, infrastructure experts and user communities to manage the purchase and use of cloud computing in their organization.
Establishing a new approach to managing clouds requires a big change. In my conversations with CIOs and IT leaders, many share that they lack the know-how, processes, and tools to effectively manage public, private, and hybrid cloud services.
To help customers deal with these challenges, we are introducing Cisco Cloud Consumption Optimization Service. This annual subscription service helps customers govern their cloud adoption from end-to-end and continually monitor cloud use.
Our cloud experts will help customers establish policies, processes, and tools to govern cloud services based on Cisco IT’s experience of managing more than 1,000 cloud providers. Throughout the year, we will help organizations implement policies to manage cloud providers and enforce security and compliance, develop their hybrid cloud service strategy including a technology and budgetary roadmap, set up a cloud program office, establish a approved vendor list, and more.
With this service, IT can rapidly evolve into a broker of cloud services internally. By doing so, organizations can launch cloud service faster and meet the needs of business groups. Additionally, the service can help organizations reduce cloud costs more than 10-15 percent, manage business risks and ensure regulatory compliance, and continually monitor cloud services and spot trends over time.
You can learn more about Cloud Consumption Optimization Service at: www.cisco.com/go/cloudconsumption
Tags: Cisco, Cisco Services, cloud, Cloud Consumption, Hybrid Cloud, optimization