When wireless for LAN burst onto the scene, companies were a lot slower than their employees to embrace it. Employees didn’t want to be tied to their desks. So they brought in their own wireless access points, stashing them under desks and in conference rooms. Soon companies began realizing they had a big mess of unsecured Wi-Fi AP’s on their hands—a problem for any organization trying to keep their data and intellectual property secure.
Shadow IT isn’t new. As new technologies emerge, employees leap frog over IT in search of better ways to do their jobs. Cloud is no different.
What makes cloud stand out from past shadow IT situations is the magnitude of the challenge.
To shed light on shadow IT cloud use, we analyzed actual network traffic data and statistics garnered from Cisco Cloud Consumption Service engagements with large enterprise customers six months ago and again at the end of 2015. The conclusion: the shadow IT challenge is rampant, pervasive, and growing explosively.
Shadow IT is indiscriminate. It is found in every industry, in every organization (even those who block internet traffic), and in organizations of all sizes. The average large enterprise now uses 1,220 individual cloud services, up from 730 six months ago. That’s up to 25 times more than recognized by IT—who estimate that they are using 91 public cloud services. The number of cloud services used by large organizations has grown an astonishing 67 percent over the past six months, and 112 percent over the past year.
We’re essentially witnessing a democratization of IT. The business groups have spoken and they want the flexibility and innovation cloud services can deliver. There’s no turning back the clock here. In fact, a recent IDC study commissioned by Cisco clearly shows an optimized cloud strategy delivers dramatic business benefits. But only 10 percent of organizations have a proactive cloud strategy, with only 1 percent fully optimized. This means that 90% of the market has reactive, fragmented strategies.
Risks Hiding in the Shadows
The uncoordinated use of public cloud can leave the business open to a wide range of risks. Our customer engagements helped us identify the top five business risks:
As cloud services are increasingly used to support business operations, service disruptions can have a significant impact. Service disruptions can result from planned and unplanned outages, disasters, or from inability of a cloud provider to meet acceptable recovery times.
There is also a potential for a cloud provider to cease operations due to financially-based shut-down, acquisition, or other operational failure. Based on financial viability scores provided by Dunn and Bradstreet, we have found that 26% of cloud providers used by Cloud Consumption customers are ranked very high or high risk of ceasing operations in 12 months. That is one out of every four vendors! If a vendor you were using ceased operations, could you replace them quickly or retrieve your data in a timely manner?
With more critical data residing in the cloud, it is vital for organizations to ensure that business data (customer, employee, partner) is being protected from malicious acts. The first step is to ensure you are using vendors with a strong track-record of data protection and adequate policies. Could you identify vendors who might pose a risk to your data protection policies? The cloud can be extremely secure, but all cloud services aren’t created equal. You’d be surprised at how many high-risk vendors you might be using. Cloud Consumption customers discover they are using an average of 44 high-risk services.
CIOs are responsible for ensuring that cloud services being used by their organization follow policies that would keep the organization compliant with regulations as well as understand what services they are using might be included in an audit. Of the top 100 cloud services used by Cloud Consumption customers, 60% are subject to major regulatory compliance issues and contain data that would be subject to an audit. (The four major regalatory complaince issues are financial reporting/SOX, Protected Health Information/HIPPA, Payment Card Industry, and FedRAMP) If you have an audit coming up, would you understand what services might be included?
Increasingly, lines of business are making purchasing decisions often without oversight for IT. As every company becomes a technology company and budgets shifts to line of business, organizations are faced with runaway cloud spend. Why? They are spending money on redundant services and are facing hidden costs.
Do you know how much your organization is actually spending on cloud? Are you negotiating discounts on behalf of the entire business?
One of the quick wins our customer have found is around redundant cloud services. Organizations are often using multiple service providers that offer similar functionality. We have found that customers on average use:
- 92 hosting services to gain internet access
- 84 marketing and sales services
- 71 financial services such as banking and tax cloud applications and hosted insurance
- 61 compute services for running cloud-based systems
- 51 collaboration services like video & web conferencing, on-line training, education, and desktop sharing (not including social media)
- 46 cloud storage services to store unstructured data (not including backup and recovery)
- 37 office productivity services to produce documentation or manage projects
- 36 business intelligence services such as dashboards, reporting systems, scenario modelling, and data analysis
Organizations have ineffective capabilities to monitor performance against service level agreements and are challenged to determine if they are receiving what they paid for. This problem is magnified when lines of business rather than IT are overseeing negotiations and might not be aware of contract pitfalls. Do you know if your providers are meeting their SLAs?
You Can’t Manage What You Can’t See
If you answered no to any of my questions above, you may need our help!
- Discover and continually monitor public cloud use
- Reduce your financial and security exposure by identifying cloud business risks and compliance issues.
- Cut cloud costs by finding ways to consolidate or discontinue services.
- Strategically manage cloud use by understanding needs of employees and internal groups and benchmarking cloud usage data against your peers.
- Improve business agility by finding the right cloud services to meet your business, risk, and compliance requirements.
Sound interesting? I’m hosting a webinar on how to “Discover and Managing Your Shadow IT” on Wednesday January 20th at 9 am PDT. I encourage you to register HERE to learn more.