By Kamal Shah
The magnitude of Shadow IT is significant and growing. Gartner has predicted that a full 35% of IT spending will take place outside of IT by 2015 – just 18 months away. By the end of the decade, that figure will hit 90%.
CIOs, CISOs and members of an organization’s security and IT teams have a difficult time getting a handle on Shadow IT and on just how many cloud services are in use by the employees in their organization. In our experience, they typically estimate that between 25 and 30 services are in use, but in reality we see that there are usually between 300 and 400 services, 11 times more than IT was aware of.
When the IT and security teams come to realize the sheer volume of cloud services in use, the massive size of Shadow IT, and the magnitude of cloud data security risk due to Shadow IT, it’s always a real eye-opener. The vast number of cloud services running speaks to several exploding trends – cloud computing, bring your own device (BYOD), bring your own cloud (BYOC), and consumerization of IT.
Specifically, the rapid shift from on-premises business applications to cloud-based SaaS applications has enabled any employee with a credit card and an internet connection to become an IT manager and deploy their own Shadow IT applications without notifying IT.
These trends are not going away. In fact, they are expanding broadly, fueled by the growing consensus that use of cloud services results in higher productivity. A recent survey of IT decision makers found that 72% suspected that Shadow IT was beneficial and made it easier for employees to do their jobs. However, Shadow IT also creates clear data security and compliance risks.
It is unclear how safe data is within these cloud services, and there is no guarantee of what security measures the providers put in place. This year's breach of Evernote is a good example, and was eye-opening for the industry. These service providers are focused on the instant delivery of cloud applications, not security. If a giant company such as LinkedIn is at risk, then how susceptible are the small SaaS providers that employees are using without their IT department’s knowledge or safeguards?
The good news is that most IT teams want to constructively address the Shadow IT phenomenon and believe that there is a happy medium that balances cloud services agility and cloud security. IT wants to help its business counterparts accelerate the safe adoption of cloud services while protecting corporate data. There are a number of approaches for discovering and studying Shadow IT, such as using a cloud-based solution that analyzes firewall logs in a non-intrusive and real-time manner. The most popular approaches take it a step further and identify the risks of individual cloud services, since not all SaaS applications that employees use are unsafe.
Take the time to learn about these approaches, and find the one that works best for your organization. As with most cloud services, organizations should be able to start using these solutions in a matter of minutes, and the solutions should immediately help IT organizations shine a light on Shadow IT for safer and more productive cloud service use.
Kamal Shah is the VP of products and marketing at Skyhigh Networks.