When wireless for LAN burst onto the scene, companies were a lot slower than their employees to embrace it. Employees didn't want to be tied to their desks. So they brought in their own wireless access points, stashing them under desks and in conference rooms. Soon companies began realizing they had a big mess of unsecured Wi-Fi AP's on their hands-a problem for any organization trying to keep their data and intellectual property secure.
Shadow IT isn't new. As new technologies emerge, employees leap frog over IT in search of better ways to do their jobs. Cloud is no different.
What makes cloud stand out from past shadow IT situations is the magnitude of the challenge.
To shed light on shadow IT cloud use, we analyzed actual network traffic data and statistics garnered from Cisco Cloud Consumption Service engagements with large enterprise customers six months ago and again at the end of 2015. The conclusion: the shadow IT challenge is rampant, pervasive, and growing explosively.
Shadow IT is indiscriminate. It is found in every industry, in every organization (even those who block internet traffic), and in organizations of all sizes. The average large enterprise now uses 1,220 individual cloud services, up from 730 six months ago. That's up to25 timesmore than recognized by IT-who estimate that they are using 91 public cloud services. The number of cloud services used by large organizations has grown an astonishing 67 percent over the past six months, and 112 percent over the past year.
We're essentially witnessing a democratization of IT. The business groups have spoken and they want the flexibility and innovation cloud services can deliver. There's no turning back the clock here. In fact, a recent IDC study commissioned by Cisco clearly shows an optimized cloud strategy delivers dramatic business benefits. But only 10 percent of organizations have a proactive cloud strategy, with only 1 percent fully optimized. This means that 90% of the market has reactive, fragmented strategies.
Risks Hiding in the Shadows
The uncoordinated use of public cloud can leave the business open to a wide range of risks. Our customer engagements helped us identify the top five business risks:
#1-Business Continuity
As cloud services are increasingly used to support business operations, service disruptions can have a significant impact. Service disruptions can result from planned and unplanned outages, disasters, or from inability of a cloud provider to meet acceptable recovery times.
There is also a potential for a cloud provider to cease operations due to financially-based shut-down, acquisition, or other operational failure. Based on financial viability scores provided by Dunn and Bradstreet, we have found that 26% of cloud providers used by Cloud Consumption customers are ranked very high or high risk of ceasing operations in 12 months. That is one out of every four vendors! If a vendor you were using ceased operations, could you replace them quickly or retrieve your data in a timely manner?
#2-Data Protection
With more critical data residing in the cloud, it is vital for organizations to ensure that business data (customer, employee, partner) is being protected from malicious acts. The first step is to ensure you are using vendors with a strong track-record of data protection and adequate policies. Could you identify vendors who might pose a risk to your data protection policies? The cloud can be extremely secure, but all cloud services aren't created equal. You'd be surprised at how many high-risk vendors you might be using. Cloud Consumption customers discover they are using an average of 44 high-risk services.
#3-Regulatory Compliance
CIOs are responsible for ensuring that cloud services being used by their organization follow policies that would keep the organization compliant with regulations as well as understand what services they are using might be included in an audit. Of the top 100 cloud services used by Cloud Consumption customers, 60% are subject to major regulatory compliance issues and contain data that would be subject to an audit. (The four major regalatory complaince issues are financial reporting/SOX, Protected Health Information/HIPPA, Payment Card Industry, and FedRAMP) If you have an audit coming up, would you understand what services might be included?
#4-Costs
Increasingly, lines of business are making purchasing decisions often without oversight for IT. As every company becomes a technology company and budgets shifts to line of business, organizations are faced with runaway cloud spend. Why? They are spending money on redundant services and are facing hidden costs.
Do you know how much your organization is actually spending on cloud? Are you negotiating discounts on behalf of the entire business?
One of the quick wins our customer have found is around redundant cloud services. Organizations are often using multiple service providers that offer similar functionality. We have found that customers on average use:
#5-Service Performance
Organizations have ineffective capabilities to monitor performance against service level agreements and are challenged to determine if they are receiving what they paid for. This problem is magnified when lines of business rather than IT are overseeing negotiations and might not be aware of contract pitfalls. Do you know if your providers are meeting their SLAs?
You Can't Manage What You Can't See
If you answered no to any of my questions above, you may need our help!
To help CIO's manage their shadow IT issues,we last week. The new software-as-a-service product can help you to:
Sound interesting? I'm hosting a webinar on how to "Discover and Managing Your Shadow IT" on Wednesday January 20that 9 am PDT. I encourage you to register HERE to learn more.
If you want to know more about your cloud please contact us for a demonstration of Cloud Consumption as a Service or learn more.