10 July, 2019 | Written by: David Metcalfe and David Terrar
Categorized: Cloud | Perspectives
Share this post:
Apologies for the play on words – couldn’t resist it!
This is our third blog, continuing the series of “where we’re going we don’t need roads” #dontneedroads, and for those of you wanting the throwback link how about Cliff Richard and the Shadows (cue Apache or Summer Holiday for those of a certain age!)
So buckle up as we get the De Lorean started for a Shadow IT blog. But hey! I hear you say, isn’t cloud supposed to have removed shadow IT? Well yes and no!
First there was on premise shadow IT, servers under desks, discretely hidden in broom cupboards far away from the IT department and in some cases serving business critical applications and services.
Then came along cloud, public cloud, we retain some on premise for regulatory or security reasons so we move/morph to hybrid cloud. Shadow IT gone? No!
Now we have the opportunity to have hybrid/multicloud shadow IT care of a smart device and a credit card, and the IT department have no idea of what’s happening!
So why is shadow IT still so prolific in organisations? I believe it’s down to several factors:
- Money talks
Let’s have a look at each one in more detail.
- Convenience – I want a service or an application, its hosted on a public cloud, all I do is present my credit card details and within a couple of minutes boom! Got my service and good to go, I have flexible consumption models and no need to worry about availability, performance, security etc because my cloud provider does all that! (or do they?)
- Speed – very similar to convenience but a direct pointy finger at the IT department, jeez you guys are slow, I want this and I want it now (see above!) I haven’t time for forms, I can’t wait for the long winded process you guys have, I want it now!
- Money talks – that credit card in paragraph 1, well it’s just not credit cards, various studies show that although the IT department have a greater say at the beginning of a project/request by the end the business has the biggest say as they hold the purse strings. If a line of business executive has a budget then why bother with those IT guys, let’s just go out and buy what we need.
So with cloud based whatever you want as a service, for example SaaS (software as a service) the poor old IT department is well and truly in the dark, and there are more dark forces coming into play.
As an IT Service Management consultant in previous roles, Shadow IT has been the bane of my life – why? Where do you want to start?
Security, change and configuration management, data integrity, business resiliency, regulatory compliance I could go on but these are crucial aspects of keeping the business running regardless of which cloud or infrastructure you’re using, and Shadow IT bypasses most of these and more that are mentioned above.
So what’s the compromise – if any? Well how about:
- A more responsive, faster, seamless change process, one which the user/requester can initiate, track and control? Today most new or updated service requests can be automated to the point of a button is pressed and voila! This is really the easiest way of combatting shadow IT as most organisations have it in place in one form or another.
- A centralised, policy driven security and governance process, that the users are part of, it has worked for BYOD (bring your own device) so why shouldn’t it work for hybrid/multicloud?
- Business and IT work together – yes together! How? Well compromise might be a good starting point but how about choice!
Let’s go a bit deeper into choice, with all the open source solutions available today many organisations are building or buying a platform. These platforms are part of their journey to cloud. This journey is more than likely a hybrid journey and probably involves multiple clouds and cloud providers, we now have a hybrid multicloud environment, ideal for Shadow IT!
However these platforms can provide choice across multiple disciplines – cloud native application development, continuous integration and continuous delivery (CI/CD), a choice of runtimes, different deployment options and more! Great choices that can nullify Shadow IT.
By providing a centralised policy driven governance/security posture which encompasses all of the business (on premise or on public cloud) business can be reassured that brand damage, data loss etc are prevented but their choices remain.
IBM has recognised that most businesses are in, or moving towards a hybrid multicloud world, and recently released their, Multi Cloud Management solution which provides Visibility, Governance and Automation across this new world. Business and IT can collaborate on what runs where, who can access it, which cloud/infrastructure it can run on.
This provides the speed that business needs but with the guard rails that ensures IT has control thereby reducing the need for Shadow IT!
See a happy ending! So all your clouds can have a silver lining instead of a shadow hiding!