The number of unauthorized cloud apps being used in the enterprise is 15 to 20 times higher than CIOs predicted, according to a Cisco report. What's a CIO to do?
Shadow IT: 8 Ways To Cope
(Click image for larger view and slideshow.)
Most CIOs are aware that Shadow IT occurs within their organization. As it turns out, the problem may be much more prevalent then they ever imagined. A new Cisco report shows that the number of unauthorized cloud apps being used in the enterprise is 15 to 20 times higher than CIOs predicted. That means that the risk and added costs attributed to Shadow IT are also significantly underestimated. So what is a CIO to do?
I recently had the opportunity to discuss the topic of Shadow IT with Bob Dimicco, global leader and founder of Cisco's Cloud Consumption and Broker Services Practice. Dimicco and his team surveyed IT customers to gauge their estimates of how much shadow IT is happening within their organizations. Then, they compiled data from customer projects that portrays an explosion of Shadow IT in the enterprise. It also illustrates the obvious disconnect between what IT believes is happening and the factual evidence. The data used was collected directly off production networks over the past 18 months. It was collected from participating Cisco enterprise customers in the US, Europe, Canada and Australia operating across a wide range of business verticals.
According to Cisco: "IT departments estimate their companies are using an average of 51 cloud services, when the reality is that 730 cloud services are being used. And this challenge is only going to grow. One year ago, the multiple was seven times, six months ago it was 10 times, today it is 15 times and given the exponential growth of cloud we predict that by the end of this calendar year it will be 20 times or more than 1,000 external cloud services per company."
In every geographical region and across all industries, the results were strikingly similar. According to Dimicco: "When we got started, we were wondering, is there going to be one or two industries where this was going to be most prevalent? No, it's prevalent across all industries and this is consistent with the major countries in which we worked with customers."
Lest you think the data might be inaccurately skewed through the inclusion of personal apps or websites used by employees on the corporate network, think again. "When we do this sort of analysis based on traffic, we always eliminate websites," said Dimicco. "If someone's going to Yahoo, or someone's going to iTunes, those things are eliminated." Much of the Shadow IT Cisco discovered included Compute services such as Infrastructure-as-a-Service (IaaS) from AWS and Google, as well as multiple storage and backup service providers. On the Software-as-a-Service (SaaS) front, marketing and sales applications such as Salesforce.com dominated.
Dimicco and his team developed a five-step, multi-year plan to move Shadow IT out of the shadows and bring it back under the oversight of IT through a Hybrid IT model. Essentially, the Hybrid IT model is an expansive list of IT-approved cloud services that employees use as they choose.
Before an IT department can even begin thinking about a Hybrid IT model, step one is to discover and identify which unauthorized cloud services are being used inside an organization. Cisco is (naturally) proposing its Cloud Consumption Services to assist in the discovery process. In fact, the company used the tool to compile the results for its Shadow IT report. According to the company, the tool can provide ongoing results to quickly identify new services favored by employees so they can be vetted and eventually added to the approved Hybrid IT services menu.
However you ultimately decide to handle the situation, know that the likelihood that Shadow IT can be completely eradicated from enterprise organizations is extremely slim. Rather, the goal for CIOs and IT departments should be to significantly reduce the need for employees to circumvent IT in order to perform their work duties. Ultimately, this will mean that IT departments will have to dramatically expand their portfolio of approved applications and cloud services they offer their end users. Just how many will that be for your organization? You'll never know until you get true visibility into how much Shadow IT is going on.
Andrew has well over a decade of enterprise networking under his belt through his consulting practice, which specializes in enterprise network architectures and datacenter build-outs and prior experience at organizations such as State Farm Insurance, United Airlines and the ... View Full Bio
2014 Next-Gen WAN SurveyWhile 68% say demand for WAN bandwidth will increase, just 15% are in the process of bringing new services or more capacity online now. For 26%, cost is the problem. Enter vendors from Aryaka to Cisco to Pertino, all looking to use cloud to transform how IT delivers wide-area connectivity.
Server Market SplitsvilleJust because the server market's in the doldrums doesn't mean innovation has ceased. Far from it -- server technology is enjoying the biggest renaissance since the dawn of x86 systems. But the primary driver is now service providers, not enterprises.
Top IT Trends to Watch in Financial ServicesIT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Join us for a roundup of the top stories on InformationWeek.com for the week of September 25, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."