Multi-Cloud Means We Are All Shadow IT

For data center managers, Shadow IT is a reality — it’s either there and you know it, or it’s there and you don’t. Shadow IT encompasses things like the AWS Machine Learning experiment happening over in marketing that no one cared to mention and the collaboration app the product design folks are using on their smartphones without letting anyone know.

Such procurement of technology solutions without engaging the internal technology specialists is widespread. In fact, Gartner estimates Shadow IT may account for about 40% of technology spending and a McAfee-sponsored survey found that IT departments have only 47% visibility into their companies’ own cloud applications.

For data center managers who remember the good old days of tech, teaching employees how to use email and navigate Wordperfect, Shadow IT feels like a coup. Employees now show up armed with devices, and some will sign up for nearly any cloud service they believe will help them do their jobs.

It can be hard to remember that tech savvy, solution-seeking, independent-minded employees are an asset — but they are. These individuals are a ticket to innovation and must be safely empowered, not stymied. But if employees are to gain greater support in selecting cloud services and other solutions from a variety of providers, data center managers will need to confront the challenges of multi-cloud implementation head-on.

Why We Must Shine a Light in the Shadows

Shadow IT may be an indicator of positive characteristics in the employee base, but that doesn’t mean technologies should be deployed in this manner. There are serious issues with the use of unapproved, unvetted solutions that aren’t properly wired into the technology processes and infrastructure, including:

  • General Data Protection Regulation penalties—These days, all roads seem to lead back to the GDPR. Enterprises are being more carefully scrutinized for their data handling. If a customer asks for their information to be purged from an email list, but an employee maintained a private copy on Dropbox they later use, fines could follow.
  • Security breaches—Many apps and especially consumer-oriented cloud services suffer shortcomings like weak encryption or internal access that puts customer data at the fingertips of their This is a big deal. Gartner predicts that by 2020, one-third of all successful security attacks on companies will come through Shadow IT systems and resources.
  • Lack of backups—Many apps replicate data, but they don’t enable corporate backup and restore. What’s more, if an employee with an account leaves the company, any data under her control could be lost to an inaccessible public cloud.
  • Increased cost and inefficiency—Cloud sprawl is a continual challenge. Different lines of business may have duplicative services, negotiations and bundling discounts probably aren’t being taken advantage of, and subscriptions can easily enter “zombie mode,” unused but auto-billed.
  • Interoperability—The world of Shadow IT is often one of workarounds. Third party solutions store data in different formats, provide different export options, have different API capabilities, and so on. Employees may not recognize at the outset how the enterprise will want to reuse data later, possibly in ways not facilitated by the solution they’ve chosen.
  • Governance and change management—We’ve talked about GDPR, but additional compliance requirements will frequently apply. Tech professionals also know the importance of change management, but it’s not something employees using the virtual equivalent of duct tape to connect disparate services will be aware of, meaning their ad hoc solutions can quickly become big troubleshooting problems.

Rinse and Repeat

No process or toolset will avoid Shadow IT problems forever. Employees will inevitably find ways to access what they think they need. If the IT team isn’t a responsive partner in delivering the goods, they’ll eventually work around them, and given the profit available, plenty of third-party providers will facilitate.

Addressing Shadow IT is thus like managing a chronic disease. Current treatments may lose effectiveness over time. Data center personnel will need to come back to the issue and apply new and emerging technologies to “search and enable” the next outbreak. Machine learning and behavioral analytics, for example, offer new possibilities for monitoring, threat detection, and response. Deployed within an IT culture that respects the need for innovation, they can be effective in leveraging the benefits of motivated, tech-savvy employees while mitigating the risks associated with Shadow IT.