A new report released last month by cloud security software company SkyHigh Networks found that the presence of shadow IT is increasing in many enterprise networks.
“In the past, shadow IT was often the result of an impatient employee’s desire for immediate access to hardware, software or a specific web service without going through the necessary steps to obtain the technology through corporate channels,” explained David Cappuccio, research vice president at Gartner, in a blog post.
Cappuccio went on to say that the ubiquity of IT and cloud computing has expanded the meaning of shadow IT to encompass employees’ personal technology implemented for work or niche technology used for a specific business purpose.
BYOD major cause of shadow IT
The most basic way shadow IT finds its way into a network is through bring-your-own-device policies, according to Dataquest. Common examples are the use of cloud storage solutions like Dropbox or other cloud-based apps like Google Drive.
Many organizations are employing BYOD policies because of their proven link to higher employee productivity and job satisfaction. However, if companies are going to allow workers to bring the devices they want, a better job needs to be done to secure employee hardware and the apps that are downloaded to them.
Employees are drawn to the use of shadow IT applications because of the ease of use and ability to collaborate. According to SkyHigh, the average number of cloud services used by an organization grew 21 percent in the past quarter.
“Executives usually estimate something like 30 cloud services, and we usually find around 300,” said Tal Klein, vice president of strategy for cloud security company Adallom. “We’ve yet to see a company with more than 1,000 employees that had less than 200 shadow IT apps.”
SkyHigh analyzed more than 3,500 cloud services for their report and found that only 7 percent were able to be considered enterprise ready. Satyajit Sarker, general IT manager for DTDC Courier and Cargo, believes this is because there is a lack of communication between the IT and business sides of companies.
“Technology buying done by business managers often brings applications into a company’s system which are not tested or in some cases deemed fit,” said Sarker. “Even if they have bought licensed applications, it is very important that these applications are bought in connivance with the IT department in order to eliminate shadow IT in the company. Often executives are not aware of the consequences the applications they have bought for their department can cause any inconsistency to their enterprise network.”
Combating shadow IT with private cloud
While the things achieved by shadow IT apps can be helpful to companies, the risk their presence brings enterprise security and network management outweighs the benefits. Cisco data center enterprise architect Shaun Kerr, speaking at a conference last month, said that employing an enterprise cloud solution will help businesses to meet the same demands as shadow IT apps while allowing companies greater network security.
A private enterprise cloud platform can provide employees with the ability to share, collaborate and innovate through connective apps on their devices, just as shadow IT would. With a private cloud solution, the connections will be made to an organization’s dedicated cloud, keeping sensitive enterprise information contained and secure.
Private clouds also offer a greater level of disaster recovery than the companies behind the shadow IT apps. Enterprise cloud platforms employ higher levels of automation and redundancy to ensure information isn’t lost due to operator error or other disaster.