Cisco Blogs


Cisco Blog > Data Center and Cloud

Summary : Beyond Data Security…Five Biggest Risks of Shadow Cloud IT Services

February 11, 2014 at 3:19 pm PST

In his recent blog (Unleash the Promise of Cloud), Enrico Fuiano reports  how a Cisco Intel study  clearly indicates that Line of Business (LoB) leaders have been playing a more important role in driving requirements for IT solutions and services. Amongst the reasons driving this shift, Enrico pointed to the “shadow IT” initiatives.

BobDimiccoRobert  Dimicco, Cisco Senior Director , Global leader and founder of Cisco’s Cloud Consumption and Broker Services Practice  tells  a similar story , as he recalls  a recent  conversation with a CIO “My CFO and CEO just asked me if I knew how many of our users were accessing cloud services. They asked me if I knew how much we were spending or if there were any risks.” He said, “Bob I don’t know the answers, and I don’t have a plan.”

In his blog, “Beyond Data Security ..Five Biggest Risks of Shadow Cloud IT Services “ Bob shares that “In working with our customers, we have found that there are typically 5-10 times more cloud services being used than are known by IT.”  This challenging trend, called Shadow-IT is not without any risk . In fact , Bob describes  the 5 major risks of Shadow IT which are

  • Data Security Risks
  • Brand Risks
  • Compliance Risks
  • Business Continuity Risks
  • Financial Risks

So how to identify these risks and deal with them ? Bob explores the benefits and  services offered by the Cisco Data Center Assessment for Cloud Consumption.

  • Identify unauthorized cloud services and gain greater visibility into your cloud usage in order to reduce
    security and financial exposure
  • Mitigate risks by proactively identifying risk and compliance issues associated with cloud usage
  • Reduce costs through recommendations to consolidate and/or eliminate cloud services
    ◦ Obtain early warning of overage and related charges
    ◦ Identify duplicate services and identify potential candidate cloud services for consolidation
    ◦ Highlight over- and underutilized services
    ◦ Estimate potential cost savings through a customized financial model
  •  Enable greater business agility through cloud governance, which can help IT and LOBs
    efficiently select and deploy cloud services to rapidly meet organizational needs
  • Enable greater business agility through cloud governance, which can help IT and LOBs
    efficiently select and deploy cloud services to rapidly meet organizational needs

To learn more, and start now to build a plan,  check Bob’s blog here 

Tags: , , , , ,

Beyond Data Security…Five Biggest Risks of Shadow Cloud IT Services

About two years ago, I went into a customer workshop on private cloud. As we were introducing ourselves around the table, the CIO turned to me with a pained expression and said, “Bob I have a different problem. My CFO and CEO just asked me if I knew how many of our users were accessing cloud services. They asked me if I knew how much we were spending or if there were any risks.” He said, “I don’t know the answers, and I don’t have a plan.”

In the months that followed, I would have countless other conversations with CIOs, that highlighted an emerging challenge—shadow IT. Shadow IT turns up when business groups implement a public cloud service without the knowledge of IT. In working with our customers, we have found that there are typically 5-10 times more cloud services being used than are known by IT.

The conversations I had with customers highlighted that shadow IT was creating several challenges—from monitoring cloud costs to managing service providers. One of the significant challenges with shadow IT is risk to the business. Specifically, we have seen five categories of risk arise:

#1 Data Security Risks

Company information being shared externally due to a cloud service breach is among our customers’ worst nightmares. Cloud vendors work hard to protect customers’ data. However, it falls to the business to know where their information lives and to protect it.

A security officer of a global non-profit organization recently shared with me that his organization wanted to use cloud services to help connect with donors and manage operations. However, they weren’t set up to govern providers and have no idea how donor information was being shared with cloud vendors. Many of our customers tell us they don’t have strong processes to manage cloud vendors, can’t track how their information is being shared, and often don’t know how vendors are keeping their information safe.

#2 Brand Risks

Brand risk goes hand-in-hand with a potential data security breach. If company information is stolen, or shared inappropriately, the consequences to an organization’s brand is immeasurable. Not only can a breach lead to negative press and customer backlash, but can also result in financial damages.

#3 Compliance Risks

Globally, organizations face evolving and expanding regulations that require them to retain information, maintain privacy, give people the ‘right to be forgotten,’ and more. As cloud services are used across all business functions, companies face the risk of falling out of compliance. Our customers tell us that violations are becoming more frequent as those responsible for enforcing compliance become less aware of what services are being used. Also, employees often don’t understand when using a cloud service can trigger compliance issues.

#4 Business Continuity Risks

Businesses need to ensure that cloud vendors they are using have strong business fundamentals or risk losing valuable corporate information if a vendor goes out of business or is purchased. Last year, a cloud storage provider Nirvanix went out of business and gave customers less than one month to move their data or risk losing it forever. These types of abrupt changes can lead to significant challenges in maintaining business continuity.

#5 Financial Risks

Recently, we helped a global equipment manufacturer discover that their employees were using over 630 cloud services, 90 percent of which were unknown to IT. These unknown services cost them nearly a million dollars annually. Costs are spiraling as businesses unknowingly purchase duplicate cloud services and lose their power to negotiate bulk contracts.

Identifying Cloud Risks With Cisco Cloud Consumption Services

The first step to managing the risks of shadow IT is to identify where you might face exposure. To help customers with this challenge, Cisco has introduced a new service designed to identify the business risks and costs resulting from shadow IT.

With Cisco Cloud Consumption Services, customers can know which public cloud services are being used in their business, become more agile, reduce risks, and optimize public cloud costs.

Using collection tools in the network, we help customers find out what cloud services are being used by employees across their entire organization. Our cloud experts then help customers identify and manage cloud security risks and compliance issues. Using a proprietary database of cloud vendors, we help companies identify the risk profile of services they are using and provide recommendations for managing these risks with stronger cloud service provider governance. The service also helps customers determine what they are really spending on cloud and find ways to save money.

Additionally, Cisco Cloud Consumption Services helps companies develop new processes for managing cloud vendors, from onboarding to termination. We help customers to proactively manage risks and deliver new services faster by establishing stronger cloud service management practices.

You can learn more about how we can help you understand your cloud usage and identify risks to your business at www.cisco.com/go/cloudconsumption

Many leaders that I speak with feel like they do not have a shadow IT problem, citing that their security protocols were set up to protect them. Think this is you? Think again! Recently we worked with a provincial government and discovered that they had over 650 public cloud services being used by their organization, despite blocking 90 percent of internet traffic. Simply put, if your employees have access to the internet, you have a shadow IT challenge.

I’d be interested to hear from you as to whether you feel you have challenges with shadow IT and what the risks could be. I look forward to your comments!

Additional Resources:

Tags: , , , ,

Friday Poll: Have You Gone Rogue at Work?

Has this guy gone rogue?

Has this guy gone rogue?

A recently published report by Rackspace found 43% of IT Decision makers knew of people within their company who had used cloud services outside of their IT department’s purview. Meanwhile, PricewaterhouseCoopers recently estimated that between 15% and 30% of IT spending occurs outside the IT department’s budget.  PwC called this behavior, ‘Shadow IT’ while the Rackspace report calls it, ‘Rogue IT’. Whatever you call it, employees are feeling empowered to think outside their IT box.  When they need to get something done and the provided resources don’t meet their needs employees are finding ways to get it.

This isn’t exactly a new phenomenon, but the numbers of IT who know and the budget estimations are interesting to note.  Of course, I got to wondering about our readers. This week’s poll is simple – have you gone rogue with your IT?* Read More »

Tags: , , ,