In one of my blogs last week, I broached the topic of security and the hybrid cloud. I even highlighted a few tips to help you bolster security in the cloud, as well as a security checklist. But there’s one very important security issue I didn’t touch on—Shadow IT.
Shadow IT is what happens when a person or persons inside of an organization decide to use a cloud-based solution or service without the knowledge or explicit approval of the organization. Granted, there could be a very good reason for this to occur, say to solve a business problem that can’t be addressed with the organization’s current IT solutions or because greater agility or time is of the essence. However, the net effect of this decision on security is still the same; it opens the organization to unwanted and unplanned-for risks.
One of the key risks is that the data used in those cloud-based applications might not be properly protected or in compliance with the organization’s standards, or that of its customers and suppliers. And, it almost certainly is harder to track. That makes Shadow IT a dangerous proposition for any organization.
While some believe these and other risks are only heightened in the hybrid cloud, others believe that Shadow IT provides an innovative way for organizations to meet their business needs, and that implementing a hybrid cloud is one way to leverage that innovation while also minimizing its risks.
Whether you view Shadow IT as a hindrance or an asset in the hybrid cloud, the fact remains that the security risks it brings up are real and should concern you. Don’t think that just because you don’t know it’s going on in your organization, you are absolved of any responsibility. On the contrary, cloud-era CIOs are responsible for knowing the whereabouts of all of their organization’s data and ensuring that it is properly protected. When a data breach does occur in a Shadow IT application, it’s a safe bet that saying, “I didn’t know that application was being used,” will not suffice as an appropriate response.
Modern CIOs would be wise to accept the fact that their organization’s employees are using Shadow IT. It’s happening in virtually every organization under the very noses of CIOs and IT departments everywhere. Rather than fighting to root it out and rid it from their organizations, they should instead embrace the agility and speed that it delivers.
That’s where adopting the hybrid cloud comes in. It can deliver the agility, flexibility, scalability, and speed that employees need to meet their critical business needs. But it does so in a managed way and with the security organizations need to regain control over their employees’ IT use. A great article detailing the key ways in which the hybrid cloud can solve Shadow IT problems can be found here.
The trick, of course, is in knowing what Shadow IT employees are using in the hybrid cloud. Thankfully, there are a couple of ways to do just that. One way is to ensure all external hybrid cloud activities are directed through a management platform; one that allows the system administrator to control employee access and collect data regarding employee usage. Another option is a tool that monitors the use of any public cloud applications across an organization—preferably one with analytics and benchmarking capabilities so that CIOs and IT departments can get a handle on the extent of Shadow IT in their organization. It should also allow organizations to control what data their employees can share with the applications and provide a secure way for employees to access them.
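As an added illustration of the monitoring approach described above (not from the original post or from any vendor's tool), the following Python example aggregates web-proxy log lines by destination and reports hosts outside an approved list, with the distinct users and upload volume for each. The log format, the host names, and the `SANCTIONED` list are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample proxy log: timestamp, user, destination host, bytes uploaded.
SAMPLE_LOG = """\
2024-05-01T09:00:12Z alice team.approved-suite.test 120000
2024-05-01T09:02:40Z bob files.example-share.test 5200000
2024-05-01T09:05:03Z carol files.example-share.test 810000
2024-05-01T09:07:19Z bob notes.example-notes.test 4000
2024-05-01T09:09:55Z dave notapproved-suite.test 90000
malformed line without enough fields
2024-05-01T09:11:30Z alice login.approved-suite.test 2000
"""

# Assumed allow-list of approved service domains (hypothetical).
SANCTIONED = {"approved-suite.test"}

def is_sanctioned(host, sanctioned):
    """True if host equals an approved domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    # Require a dot boundary so look-alike hosts do not pass a suffix match.
    return any(host == d or host.endswith("." + d) for d in sanctioned)

def shadow_it_report(log_text, sanctioned):
    """Aggregate unsanctioned hosts: distinct users, requests, bytes uploaded."""
    stats = defaultdict(lambda: {"users": set(), "requests": 0, "bytes_out": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip malformed records rather than abort the run
        _, user, host, sent = parts
        if is_sanctioned(host, sanctioned):
            continue
        entry = stats[host.lower()]
        entry["users"].add(user)
        entry["requests"] += 1
        entry["bytes_out"] += int(sent)
    rows = [
        {"host": h, "users": sorted(s["users"]), "requests": s["requests"],
         "bytes_out": s["bytes_out"]}
        for h, s in stats.items()
    ]
    # Largest upload volume first: that is where unmanaged data accumulates.
    return sorted(rows, key=lambda r: r["bytes_out"], reverse=True)

if __name__ == "__main__":
    for row in shadow_it_report(SAMPLE_LOG, SANCTIONED):
        print(row)
```

Ranking by upload volume and distinct users gives a rough measure of how much organizational data each unsanctioned service holds and how widely it has been adopted.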
The point here is that by being able to look at the Shadow IT an organization’s employees are using, CIOs and IT departments should be able to get a better idea of what needs are not being met by their current IT infrastructure and solutions. With this information in hand, they can either opt to have their IT departments support those applications and provide employees advice on how to stay secure using them, or they can implement a better, more secure hybrid cloud solution that fulfills this unmet need. Either way, it means better security in the long run in the cloud era.
If you are a CIO currently using the hybrid cloud to mitigate the risks associated with Shadow IT, drop me a line at [email protected] and let me know how it’s going. And don’t forget to check back here each week for more information on the hybrid cloud and other important IT-related topics.
This blog is sponsored by Microsoft.
Cheryl J. Ajluni is a freelance writer and editor based in California. She is the former Editor-in-Chief of Wireless Systems Design and served as the EDA/Advanced Technology editor for Electronic Design for over 10 years. She is also a published book author and patented engineer. Her work regularly appears in print and online publications. Contact her at [email protected] with your comments or story ideas.