Welcome!

@CloudExpo Authors: Pat Romanski, Yeshim Deniz, Elizabeth White, Liz McMillan, Zakia Bouachraoui

Related Topics: @CloudExpo, Java IoT, Microservices Expo, Linux Containers, Cloud Security, SDN Journal

@CloudExpo: Blog Feed Post

Caught! The Real Culprit of Shadow IT

There are some amazing SaaS options out there, so many that IT cannot be expected to find them all first

Once you learn the definition of shadow IT, it shouldn’t be too shocking to learn how widespread it is at companies large and small all over the world. I hate to assume, but the odds are, that you yourself have used a non-IT approved SaaS option for the same reason as everyone else, myself included. We’re all expected to do our jobs faster, and at a higher quality than we did in the past, and sometimes it’s just too easy to go behind the backs of those whom we perceive to slow us down, or act as a blocker.

A recent study showed that eighty percent of those polled admitted using SaaS applications and tools without IT’s approval, which, when you’re part of that eighty percent, isn’t all that shocking. The real kicker is the revelation of who has been using shadow IT SaaS solutions more than anyone.

IT employees themselves.

What’s their reasoning? “IT users feel they can handle the risk better.” That's...not really good enough.

Even as an occasional user of shadow IT myself (I’m trying to quit!) I am happy to see that not every article found online simply touts the ill-advised practice as out-of-control, or impossible to stop. In fact, now that we’ve all learned just how widespread the problem is, many are already well underway in finding a way to rein it in. And in what should relieve CIOs, security professionals, and others responsible for heeling shadow IT as soon as possible—the solution is shockingly simple.

Put a clear policy in place that lists the SaaS options that are allowed, and also formally states that if you’re using one that is not listed, particularly those that are discovered to put you and your customers’ data at risk—this is a real problem.

But how do you know which ones to allow? Not only is this easy, it’s healthy for the culture of your business. Speak with those employees who are using shadow IT, and who have come to rely on these apps to do their job. Let them explain why they chose this or that option, and why the non-shadowy options prohibit them from doing their jobs, or more importantly, from innovating and helping take the company to the next level.

Many of the applications that employees are secretly utilizing probably aren’t a security threat, and like we learned earlier, I’d be willing to bet that many of them are also being used by IT employees as well as others. But as McAfee Asia-Pacific CTO Sean Duca explains, it’s the “shadow” aspect that’s ultimately “bad for business.”

With shadow IT usage being so rampant, across multiple departments, employees aren’t turning to these non-approved options out of laziness, or spite. It’s because IT doesn’t have the time to fully vet every SaaS option out there. Speak with employees to learn what’s helping them do their jobs. Make this an opportunity, as Duca suggests, to “be more open and candid,” to increase the collaboration and communication between departments, and so that “companies can consider purchasing the products so they could be used securely from inside their organizations.”

There are some amazing SaaS options out there, so many that IT cannot be expected to find them all first. But when a new option comes along, especially one that helps you innovate better and faster—don’t leave it in the shadows and put your job or your company at risk. If it’s as great of a solution as you think it is, get it approved, and perhaps even more of your company can benefit and innovate from it than just yourself.

Read the original blog entry...

More Stories By Skytap Blog

Author: Noel Wurst is the managing content editor at Skytap. Skytap provides SaaS-based dev/test environments to the enterprise. Skytap solution removes the inefficiencies and constraints that companies have within their software development lifecycle. As a result, customers release better software faster. In this blog, we publish engaging, thought provoking stories that revolve around agile enterprise applications and cloud-based development and testing.

CloudEXPO Stories
@DevOpsSummit at Cloud Expo, taking place November 12-13 in New York City, NY, is co-located with 22nd international CloudEXPO | first international DXWorldEXPO and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long development cycles that produce software that is obsolete at launch. DevOps may be disruptive, but it is essential.
Sanjeev Sharma Joins November 11-13, 2018 @DevOpsSummit at @CloudEXPO New York Faculty. Sanjeev Sharma is an internationally known DevOps and Cloud Transformation thought leader, technology executive, and author. Sanjeev's industry experience includes tenures as CTO, Technical Sales leader, and Cloud Architect leader. As an IBM Distinguished Engineer, Sanjeev is recognized at the highest levels of IBM's core of technical leaders.
DXWorldEXPO LLC announced today that Kevin Jackson joined the faculty of CloudEXPO's "10-Year Anniversary Event" which will take place on November 11-13, 2018 in New York City. Kevin L. Jackson is a globally recognized cloud computing expert and Founder/Author of the award winning "Cloud Musings" blog. Mr. Jackson has also been recognized as a "Top 100 Cybersecurity Influencer and Brand" by Onalytica (2015), a Huffington Post "Top 100 Cloud Computing Experts on Twitter" (2013) and a "Top 50 Cloud Computing Blogger for IT Integrators" by CRN (2015). Mr. Jackson's professional career includes service in the US Navy Space Systems Command, Vice President J.P. Morgan Chase, Worldwide Sales Executive for IBM and NJVC Vice President, Cloud Services. He is currently part of a team responsible for onboarding mission applications to the US Intelligence Community cloud computing environment (IC ...
Charles Araujo is an industry analyst, internationally recognized authority on the Digital Enterprise and author of The Quantum Age of IT: Why Everything You Know About IT is About to Change. As Principal Analyst with Intellyx, he writes, speaks and advises organizations on how to navigate through this time of disruption. He is also the founder of The Institute for Digital Transformation and a sought after keynote speaker. He has been a regular contributor to both InformationWeek and CIO Insight and has been quoted or published in Time, CIO, Computerworld, USA Today and Forbes.
When talking IoT we often focus on the devices, the sensors, the hardware itself. The new smart appliances, the new smart or self-driving cars (which are amalgamations of many ‘things'). When we are looking at the world of IoT, we should take a step back, look at the big picture. What value are these devices providing. IoT is not about the devices, its about the data consumed and generated. The devices are tools, mechanisms, conduits. This paper discusses the considerations when dealing with the massive amount of information associated with these devices. Ed presented sought out sessions at CloudEXPO Silicon Valley 2017 and CloudEXPO New York 2017. He is a regular contributor to Cloud Computing Journal.