REIMAGINING THE ENTERPRISE | A ZDNet Multiplexer Blog

Evolution of IT in the cloud era

A look into how CIOs can gain control of 'shadow IT' and use it to their advantage.

The growth of affordable online services has fuelled a huge upsurge in the use of software as a service (SaaS) at a departmental level within enterprises. According to The Hidden Truth behind Shadow IT, a report from research firm Stratecast, which surveyed workers across the globe, over 80 percent admitted to using SaaS applications without the IT department's approval, in a phenomenon that's become known as 'shadow IT'. So pervasive is this new trend that IT staff are often the biggest users of unauthorised SaaS applications.

According to Stratecast, employees develop a sense of comfort when allowed to select their own applications. Similar to the BYOD phenomenon, we are now seeing an invasion of BYOA - bring your own application. The benefits for users are fairly clear: ease of access from any browser, ease of maintenance (i.e. none), relatively low cost, quick deployment, and of course, familiarity with an application that allows them to just get on with the job.

However, some 35 percent of all SaaS applications in operation are likely to have been bought and used without IT oversight. The dangers are well known. They include first and foremost security, as such services may not be enterprise-grade in their use of encryption - and none of them can operate without using company data, leading to potential leakage. There are hidden costs too, when departments buy individually instead of centrally.

Responding to shadow IT

This is not a bandwagon that any IT leader cares, or indeed is likely, to step in front of. Instead of being blocked, shadow IT needs to be managed.

So how to get it right?

In short, the company needs to develop policies, akin to those governing BYOD, that balance flexibility with control, allowing employees to do the job while minimising risk to the company.

Here are some key tips:

  • Offer policies that are transparent and take shadow IT into account, rather than drive it further underground.
  • If your company majors on innovation and encourages risk-taking, you may feel able to be more lenient with respect to shadow IT than those further from the cutting edge.
  • Re-think your attitude towards unauthorised SaaS applications: is there a good reason why each application is blocked?
  • Explore whether control can be gained over the riskier areas of a particular application, rather than blocking it altogether.
  • Use a secure web gateway to ensure that sensitive information, such as personal data and credit card numbers, never leaves the premises.
  • Ask why business users think IT can't do what they want - have they got it wrong? If not, what can you do about it?