Cisco Blogs


Cisco Blog > Cloud

Shadow IT: Rampant, Pervasive, and Explosive!

When wireless for LAN burst onto the scene, companies were a lot slower than their employees to embrace it. Employees didn’t want to be tied to their desks.  So they brought in their own wireless access points, stashing them under desks and in conference rooms. Soon companies began realizing they had a big mess of unsecured Wi-Fi AP’s on their hands—a problem for any organization trying to keep their data and intellectual property secure.

Shadow IT isn’t new. As new technologies emerge, employees leap frog over IT in search of better ways to do their jobs. Cloud is no different.

What makes cloud stand out from past shadow IT situations is the magnitude of the challenge.
SMGraphic_Iceberg_Jan11_2016

To shed light on shadow IT cloud use, we analyzed actual network traffic data and statistics garnered from Cisco Cloud Consumption Service engagements with large enterprise customers six months ago and again at the end of 2015. The conclusion: the shadow IT challenge is rampant, pervasive, and growing explosively.

Shadow IT is indiscriminate. It is found in every industry, in every organization (even those who block internet traffic), and in organizations of all sizes. The average large enterprise now uses 1,220 individual cloud services, up from 730 six months ago. That’s up to 25 times more than recognized by IT—who estimate that they are using 91 public cloud services. The number of cloud services used by large organizations has grown an astonishing 67 percent over the past six months, and 112 percent over the past year.

We’re essentially witnessing a democratization of IT. The business groups have spoken and they want the flexibility and innovation cloud services can deliver. There’s no turning back the clock here. In fact, a recent IDC study commissioned by Cisco clearly shows an optimized cloud strategy delivers dramatic business benefits. But only 10 percent of organizations have a proactive cloud strategy, with only 1 percent fully optimized. This means that 90% of the market has reactive, fragmented strategies.

Risks Hiding in the Shadows

The uncoordinated use of public cloud can leave the business open to a wide range of risks. Our customer engagements helped us identify the top five business risks:

shadowITblog

#1—Business Continuity

As cloud services are increasingly used to support business operations, service disruptions can have a significant impact. Service disruptions can result from planned and unplanned outages, disasters, or from inability of a cloud provider to meet acceptable recovery times.

There is also a potential for a cloud provider to cease operations due to financially-based shut-down, acquisition, or other operational failure. Based on financial viability scores provided by Dunn and Bradstreet, we have found that 26% of cloud providers used by Cloud Consumption customers are ranked very high or high risk of ceasing operations in 12 months. That is one out of every four vendors! If a vendor you were using ceased operations, could you replace them quickly or retrieve your data in a timely manner?

#2—Data Protection

With more critical data residing in the cloud, it is vital for organizations to ensure that business data (customer, employee, partner) is being protected from malicious acts. The first step is to ensure you are using vendors with a strong track-record of data protection and adequate policies. Could you identify vendors who might pose a risk to your data protection policies? The cloud can be extremely secure, but all cloud services aren’t created equal. You’d be surprised at how many high-risk vendors you might be using. Cloud Consumption customers discover they are using an average of 44 high-risk services.

#3—Regulatory Compliance

CIOs are responsible for ensuring that cloud services being used by their organization follow policies that would keep the organization compliant with regulations as well as understand what services they are using might be included in an audit. Of the top 100 cloud services used by Cloud Consumption customers, 60% are subject to major regulatory compliance issues and contain data that would be subject to an audit. (The four major regalatory complaince issues are financial reporting/SOX, Protected Health Information/HIPPA, Payment Card Industry, and FedRAMP) If you have an audit coming up, would you understand what services might be included?

#4—Costs

Increasingly, lines of business are making purchasing decisions often without oversight for IT. As every company becomes a technology company and budgets shifts to line of business, organizations are faced with runaway cloud spend. Why? They are spending money on redundant services and are facing hidden costs.

Do you know how much your organization is actually spending on cloud? Are you negotiating discounts on behalf of the entire business?

One of the quick wins our customer have found is around redundant cloud services.  Organizations are often using multiple service providers that offer similar functionality. We have found that customers on average use:

  • 92 hosting services to gain internet access
  • 84 marketing and sales services
  • 71 financial services such as banking and tax cloud applications and hosted insurance
  • 61 compute services for running cloud-based systems
  • 51 collaboration services like video & web conferencing, on-line training, education, and desktop sharing (not including social media)
  • 46 cloud storage services to store unstructured data (not including backup and recovery)
  • 37 office productivity services to produce documentation or manage projects
  • 36 business intelligence services such as dashboards, reporting systems, scenario modelling, and data analysis

#5—Service Performance

Organizations have ineffective capabilities to monitor performance against service level agreements and are challenged to determine if they are receiving what they paid for. This problem is magnified when lines of business rather than IT are overseeing negotiations and might not be aware of contract pitfalls. Do you know if your providers are meeting their SLAs?

You Can’t Manage What You Can’t See

If you answered no to any of my questions above, you may need our help!

To help CIO’s manage their shadow IT issues,we   last week. The new software-as-a-service product can help you to:

  • Discover and continually monitor public cloud use
  • Reduce your financial and security exposure by identifying cloud business risks and compliance issues.
  • Cut cloud costs by finding ways to consolidate or discontinue services.
  • Strategically manage cloud use by understanding needs of employees and internal groups and benchmarking cloud usage data against your peers.
  • Improve business agility by finding the right cloud services to meet your business, risk, and compliance requirements.

Sound interesting? I’m hosting a webinar on how to “Discover and Managing Your Shadow IT” on Wednesday January 20th at 9 am PDT. I encourage you to register HERE to learn more.

If you want to know more about your cloud please contact us for a demonstration of Cloud Consumption as a Service or learn more.

 

Tags: , , , , , , ,

#CiscoChampion Radio, S3|Ep. 2. Cisco Champions Crystal Ball: Your Predictions for 2016

#CiscoChampion Radio is a podcast series by Cisco Champions as technologists. Today we’re discussing Cisco Champions Crystal Ball: Your Predictions for 2016 with Cisco Subject Matter Experts Kim Austin.

Get the Podcast

  • Listen to this episodeCiscoChampionbadge_announcement
  • Download this episode (right-click on the episode’s download button)
  • View this episode in iTunes

Cisco Champion Guest Hosts

Moderator

Read More »

Tags: , , ,

Your New Year’s Resolution for 2016: Start with a Cisco Domain Ten Workshop

A few years ago, I wrote a series of blogs on Cisco’s Domain Ten(SM)  framework.  Since then, we’ve used this simple yet powerful analysis tool to help guide many customers on data center and IT transformation projects.  I personally found it quite notable that leading market analyst firm IDC, recognizing Cisco as the worldwide leader in the Networking Consulting Services arena in their August 2015 IDC MarketScape Worldwide Network Consulting Services 2015 Vendor Assessment (IDC Document #258131), called out Cisco Domain Ten in their assessment of Cisco.

Over the years, as we’ve used this framework to analyse customer IT, data center and cloud challenges, we’ve evolved and tuned the framework.  You can learn more about Cisco Domain Ten, in the video below as well as my original blogs, which are still very relevant.

How then, do you know if a Cisco Domain Ten would help you in your data center, cloud and broader IT initiatives? How do you know if you should be making a Cisco Domain Ten workshop one of your new year’s resolutions for 2016?

Read More »

Tags: , , , , , , , , , , , , ,

Five Strategic Insurance Business Imperatives for 2016

One of these days the ground will drop out from beneath your feet
One of these days your heart will stop and play its final beat
One of these days the clocks will stop and time won’t mean a thing

“These Days”, Dave Grohl, Foo Fighters

 As we kick-off 2016, the time is now for industry decision-makers to make a profound difference in the way Insurance business is transacted. Not just for competitive position, but for future generations, shareholders and most importantly, for the customer. Peer group competitors are formulating action plans now to address the most pressing tactical and strategic business imperatives across the enterprise for 2016 and beyond. Are you? Here are five top focus areas for 2016 that I am hearing from insurance executives across both Life and P&C:

  1. Digital Strategy
  2. Security
  3. Collaboration
  4. Talent Acquisition and Retention
  5. Business Outcome Approach

Read More »

Tags: , , , , , , , , , , ,

We Hear You: Retail Security Should Be Simple and SAFE

Retailers are in the business to sell, not to be stolen from. And they don’t set up shop to buy security products from companies like Cisco. However, attackers who target retailers have discovered that it’s much more lucrative to shoplift virtually rather than physically. So even if you focus on security rather than selling, you face a daunting task.

ChristianImage

The challenge of retail security is that it gets more complex by the minute. The combination of mobile devices, distributed services, increased customer expectations, virtual systems, and changing business goals creates a huge attack surface for fraudsters. Add in a pantheon of security vendors offering specialized products that don’t always work well together as well as a dwindling supply of qualified security personnel, and feelings of frustration and futility are understandable.

Our industry desperately needs a resource that addresses the problem from end to end and makes security easier to understand. Enter Cisco SAFE, a comprehensive and credible solution portfolio. SAFE uses a model to organize retail networks into areas that can be more easily understood from a security perspective. It looks at the threats that exist and the best practices available to defend against them. It helps manage the design, build, and maintenance of today’s retail networks.

SAFE provides “how to” guides tested in Cisco’s laboratories for complex security challenges. It maps your threats to the security capabilities you need at this time, which can help you avoid overspending and overcomplicating the defenses you need to protect your business.

Come see me at the National Retail Federation show in New York. At a Big Idea session, I’ll be speaking about how Cisco SAFE helps simplify retail security. We’ll be in Room 4, Level 3 of the Expo Hall, on Monday, January 18, at 12:45 p.m.–1:30 p.m. Learn more.

I look forward to meeting you there!

Tags: , , , , , , , , ,