Not long ago, I presented a webinar on BrightTalk about cloud and BYOD (Bring Your Own Device). In it I discuss how users have myriad options that are outside the control of IT groups – shadow IT. That end-users are using applications powered by public cloud computing isn’t surprising. Most of us, at one point or another, have used web mail to move a file, Evernote to jot-down thoughts, or DropBox to share files. The worry for organizations is that corporate data, from email to files, not only lives on the same devices (smartphones, tablets, employee-owned laptops… etc.), but the data may also be moved or stored using applications outside of corporate control.
On the other end of the spectrum from end-users are datacenter users. These are the developers and operations (DevOps) people who are building new applications for customers, partners, both internal and external. They, too, are bypassing IT using parts of public cloud, especially Infrastructure- and Platform-as-a-Service (IaaS and PaaS, respectively).
While very different groups, their goals are the same – they need to get things done, move the business forward, and they follow the easiest path to achieve those things. If a partner needs a large file, and there is no “IT-provided” service to transfer it, end-users will find a solution. Likewise, if developers need a few servers to host a new application, and there’s no time to wait, leveraging an IaaS or PaaS provider will provide servers in minutes. In other words, both types of users have many, many options. In a sense, IT departments are in competition with Shadow IT.
It is a mistake for IT departments to issue policy, ‘Thou Shalt Not Make Use of Shadow IT!’ and hope users follow the rules. Many of the applications end-users leverage are free. If DevOps are under pressure to launch and scale-up an application, they will take advantage of public cloud. In some cases, I have heard senior IT people assure me public cloud isn’t being used by their organization, to which I regularly respond by asking, “Have you checked the expense reports?”
The good news is this is not a lost battle, but IT departments have to accept they are in competition with Shadow IT. Instead of focusing on trying to put the toothpaste back in the tube, as it were, they need to think of themselves as a service provider.
For end-users, this means understanding what they need. If moving information between devices and users is something end-users need, look at something like Citrix ShareFile. If end-users want to access corporate data on their own devices, identify how you can secure those devices (from a straightforward solution such as GravityZone Security for Mobile Devices to rich Mobile Device Management offerings).
For DevOps, if IaaS/PaaS is needed, leverage a public cloud offering such as Microsoft Azure or Amazon Web Services. Treat them an extension of the datacenter (in-fact, with features like http://aws.amazon.com/vpc/, public cloud is exactly that!). With just about every public cloud offering, and organization can quickly build a handful of templates which include required IT software for patching, asset management, and other security requirements (for example, Bitdefender Security for AWS).
These internal customers of IT services don’t actively want to bypass IT. If IT can offer services that compete with Shadow IT, end-users will sacrifice some functionality – if need-be – to stay within corporate policy. The trick is understanding the basic requirements, and working to meet them. I recognize that is easier said than done, but starting down that path is better done sooner than later because Shadow IT isn’t going away anytime soon.