Shine Some Light on Shadow IT
Welcome to My Secret Lair
Written by Richard Whitehead
Every superhero has to have a hidden hangout, right? Batman had the Batcave. Superman had his Fortress of Solitude. And Spiderman had his room in his Aunt May’s house... Hmm, is it just me, or did Peter Parker make for one of the lamer superheroes?
Anyway, welcome to my little corner of Novell Connection magazine. Or, as I like to call it: WorkloadIQ Man’s Secret Lair. So onto my intent with this column. I want to offer a little knowledge, and provide some tangible examples of things you can do now and likely developments that you can plan for as you move toward successful implementations of intelligent workload management (IWM). So let’s start the conversation.
You’ve no doubt heard about the stealth cloud—employees “flying under the radar,” consuming IT services without the permission or support of IT. Myself, I call it Shadow IT. And whether you want to admit it or not, it’s happening right now in your company.
Business users are adopting cloud computing in droves. Collaboration, social networking, project management, CRM, online backup and other valuable services are all available through the ubiquitous Web browser. And while employees are making use of these services “from the shadows,” it’s IT who is left in the dark.
IT Must Embrace Cloud Computing
So what can you do? The short answer is to embrace it. Well, that is if you want to maintain enterprise security and compliance—and retain your customers. Recently, I read quite an interesting article on this very topic. And it included some ideas on how to address this growing challenge.
The article is one of those “the toothpaste is out of the tube” types of stories. Cloud computing is here to stay, and business users are already using it. Banning the practice outright will only drive it that much further into the shadows. IT’s only viable option then is to embrace cloud computing.
The author goes on to describe an approach for evaluating and controlling cloud computing within the enterprise. He uses the mnemonic device “PASTA” for his approach:
- Policy—Determine what the company’s policy is going to be for cloud computing. What types of applications are suitable for cloud-based use?
- Amnesty—Give employees a chance to “come clean” without fear of reprisal. That way, you’ll know what cloud applications are actually being used.
- Support—Ensure that IT is prepared to support all the discovered applications. It will help motivate employees toward full disclosure.
- Technology evaluation—Assess the value of each and every cloud application to the business.
- Adoption—Build your cloud architecture. Some applications will undoubtedly survive the technology evaluation. For others, employees will have to migrate to the corporate standard.
It’s a good article. You should give it a read if you have a few minutes. Of course, it might just make you hungry for Italian.
Security or Insecurity?
So why are IT organizations still so averse to cloud computing? Most people today will tell you it all boils down to concerns over security. However, most cloud providers can probably provide better security than most enterprises can. After all, their core business depends on it for survival. So I’ve started to wonder if it isn’t more of a case of insecurity. You see, for as long as I can remember, IT’s perceived role has been one of control. Shadow IT takes away virtually all of that control and puts it squarely in the hands of business users.
From what I’ve seen over the years, IT people are often insecure about their jobs or abilities. If they lose control of what goes into the cloud, perhaps they fear they won’t have anything to build or manage, or anyone left to control.
What IT perhaps fails to see is that when a business user goes around them and starts using an unapproved cloud-based app, they’re not doing it out of malice. They’re just trying to get their job done—and they view IT as too inflexible to help them. So they take matters into their own hands. Unfortunately, this Shadow IT computing opens the company up to untold risk exposure and compliance issues, which could easily drive away customers if something were to go wrong.
So whether IT likes it or not, the time has come to accept cloud computing. By doing so, IT will appear far more responsive to the business and will be able to keep up with the current pace of change. Trust me, it’ll make upper management and your auditors much happier.
Novell WorkloadIQ Can Help
Intelligent workload management, infused with identity, can make the process of adopting cloud computing in the enterprise much more painless. Specifically, Novell WorkloadIQ solutions can help your IT organization discover the Shadow IT cloud applications that are being used, evaluate them and adopt the ones that make the most sense for your business.
Novell WorkloadIQ products cover virtually every aspect of the IWM lifecycle:
- Build—You must have an automated way to provision workloads on demand—across physical servers, virtual servers, appliances and cloud environments.
- Secure—Effective mechanisms for automating identity and access management and enforcing security policies internally and in public clouds must be in place.
- Manage—Workload management tools must be able to ensure resource availability and optimize resource use like never before. Forget about adding IT staff. These processes must be automated.
- Measure—Cost, performance and compliance issues are getting more complicated. You need an automated way to monitor, measure and report on your far-flung workloads.
WorkloadIQ solutions from Novell comprise a complete set of identity-aware, policy-based services and solutions that are integrated to add more intelligence to workloads as you move forward. And they mesh with IWM tools from other vendors. The ultimate goal, regardless of whose IWM solutions you choose, is to deliver business services for end users—and do it as efficiently, cost-effectively and securely as possible.
The time for IT to get past its insecurities is now. So shed some light on the Shadow IT activities taking place in your organization and move forward with confidence.