When IT consumerization and cloud services lead to “shadow IT”
“IT consumerisation” has become a popular buzz term as consumer-oriented technologies are increasingly introduced into the workplace and adopted by end users, often in a way that bypasses the enterprise’s IT department.
This trend generally started with the rise of feature phones and smart phones. Employees began to use their own devices rather than the voice- and text-only devices issued by their employers. The trend continues to increase as technology evolves, reaching a point where one of the biggest challenges faced by enterprises today is associated with employee use of cloud-based services.
There are more cloud services available than ever before, and the number of cloud services used in the workplace continues to increase at a phenomenal rate, spanning both sanctioned cloud services (aka “sanctioned IT”) and unauthorized, or shadow, cloud services (aka “shadow IT”).
A recent IDG survey revealed the following:
90% of survey respondents use consumer services such as Skype or LinkedIn in the workplace, of which 46% constitutes shadow IT
70% use file sharing sites such as Dropbox, of which 38% is shadow IT
57% use enterprise social networking tools, of which 40% is shadow IT
53% use CRM and customer service tools, of which 23% is shadow IT
Both sanctioned IT and shadow IT take advantage of the cost benefits of the cloud, along with capabilities not available in legacy applications, but there are risks involved in the uncontrolled use of cloud services.
SkyHigh Networks, a cloud service discovery and security business, publishes a quarterly Cloud Adoption and Risk Report, which analyses the amount and types of cloud services used at companies based on 23 million users worldwide. Its Q4 2015 report on cloud adoption and risk in Europe shared the following:
“The average organisation now uses 1,154 cloud services, an increase of 6.6% over last quarter. Enterprise cloud services account for 72.9% of the services in use by the average company, while consumer services represent 27.1%.
Collaboration continues to be the category with the greatest variety of cloud services in use by a wide margin. The average organisation uses 174 distinct collaboration services (e.g. Cisco WebEx, Evernote, etc.) followed by 61 file sharing services (e.g. Dropbox, Google Drive, etc.) and 57 development services (e.g. SourceForge, GitHub, etc.)”
Additionally, it was clear from the report that employees are experimenting with finding the right services to use. On average, an employee uses 30 different types of cloud services and multiple services within each type, so there appears to be no single dominant service. The main service types include collaboration, development file sharing, content sharing, social media and tracking (assets, devices and people).
The plethora of services in itself is not an issue, but the way individuals use those services raises concerns with the following:
Unsecured and often compromised account details
Lack of understanding of who owns what data when using free versions of the cloud service
Sensitive data often being shared through public links, etc.
Potential regulatory and legal issues (e.g., location and security of sensitive data)
However, in fairness to the users, I don’t think any of them deliberately sets out to establish shadow IT solutions. Often people use these solutions due to the lack of any alternatives or with a desire to work more effectively than many internally sanctioned tools allow, especially when it comes to collaborating with people outside of their organisation.
It is clear that there are huge benefits to allowing employees to use cloud services and also in allowing them to have a choice of alternative services. However, clearly understanding how an organisation will be impacted by their use, selecting the right services, and setting up appropriate policies are keys to their safe and effective use.
By enabling organisations to integrate user-centric cloud services into their IT real estate, thus moving services from shadow IT to sanctioned IT, it can reduce costs and also increase productivity.....but whilst also managing security