The good news about the era of cloud-based business solutions is that today it is easier than ever for business units or departments to get the functionality they need almost instantaneously—through a cloud provider, such as Amazon Web Services, Google Cloud Platform or Microsoft Azure, or from a SaaS provider, such as Salesforce.com, Workday or NetSuite. Define a particular business or IT need, hand over a credit card number and presto! Your IT solution is up and running.
The bad news about the era of cloud-based business solutions is that today it is easier than ever for business units or departments to get the functionality they need almost instantaneously—without the experience or oversight of a centralized IT procurement department.
It’s called “Shadow IT”—technology solutions lurking around an organization and hidden away somewhere, perhaps in a marketing budget. Is this prevalent in the business world today? Yes. Consider a December 2013 survey by cloud IT operations specialist 2nd Watch, in which 93 percent of business units said they are leveraging the cloud for services they need to conduct business—and 61 percent reported bypassing the IT function completely to do so.
When we ask clients how much Shadow IT spending occurs throughout the company, they usually don’t know. They are certain, however, that what they do see of Shadow IT is only the tip of the proverbial iceberg. In fact, we conservatively estimate that a typical large company has hundreds of unregulated cloud, SaaS and other solutions in use—perhaps 10 times that of its known cloud usage.
Why all the activity in the shadows? Business units that go off on their own with a cloud solution are not trying to be subversive; they just don’t want to wait. Companies are bumping up against the issue of IT departments that were designed for an earlier era of computing, an era based on long waits before requests were finally implemented. In many cases, IT departments simply are not structured for the speed of business today. At the same time, demands on IT resources are increasing each year even as budgets remain flat. The result: Shadow IT.
Although nimble, cloud-based solutions are good, and the intentions of Shadow IT users might not be bad, the consequences certainly could be ugly if IT procurement is bypassed. And we’re not talking about merely paying higher prices for services. Anyone running a departmental cloud-based solution must be certain that the department is in compliance with company policies regarding intellectual property protection as well as country-specific regulations about data privacy.
Why does IT compliance matter? A big reason is it helps ensure that a company’s data is protected. The Heartbleed Open SSL bug is a recent example of a major security vulnerability that may have affected hundreds of thousands of websites, potentially giving hackers access to login credentials and other data. When a threat such as Heartbleed strikes, the IT organization must determine the company’s risk. The existence of Shadow IT is one reason why accounting for all systems is next to impossible.