As more organizations see the benefits the cloud can offer, enterprises are eager to implement cloud migration strategies. By next year, Gartner forecasts that 75 percent of organizations will take the next step and deploy a multicloud or hybrid cloud model to meet their IT needs. As with any major IT shift, there are several common pitfalls that organizations fall prey to during the adoption process. What’s the highest risk for security? Shadow IT.
Shadow IT is the phenomenon whereby employees who are not getting what they need from their own IT department set up storage or compute infrastructure at a public cloud provider and deploy applications or store data in the cloud.
Falling into the Shadows
Make no mistake, shadow IT can make your organization vulnerable. Not surprisingly, this means the first reaction of most CIOs is to shut it down – but this can be harder than one might think. There will always be a risk of employees going rogue and sneaking in the technology they believe makes their jobs easier.
Therefore, it’s important for enterprises to familiarize themselves with – and prepare to face the risks of – shadow IT, including:
When employees deploy their own clouds, they don’t necessarily have the skills or tools to make sure the deployment is secure, let alone maintain good security hygiene through proper patch management and vulnerability updates. Furthermore, cloud instances are frequently forgotten, as projects conclude or whatever web servers were deployed become outdated. The company risks a data leakage or an intrusion because of an attack surface the IT department did not even know existed.
A Light in the Darkness
While it’s very clear that shadow IT presents serious security challenges, it’s not an inherently bad thing that needs to be completely repressed. When employees get to choose their devices and apps, productivity can go way up. They can adopt the latest technologies faster than IT ever could and drive innovation by more agilely responding to market shifts. This is why CIOs are realizing that they — and their organizations—can actually benefit by coexisting or even embracing shadow IT.
Shadow IT can also provide enterprises with a coveted edge in attracting and retaining highly sought-after talent. The ability to choose and use desired systems is a real draw for IT pros. Organizations that wish to sweeten the pot for potential employees would be wise to consider seizing the opportunity shadow IT presents.
How to Successfully Integrate Shadow IT
It’s important to recognize that IT staff is always under pressure and stretched thin to deliver on business transformation initiatives. With shadow IT here to stay, enterprises need a strategy to include it in their cloud adoption journey.
For IT to retain any control over the security posture of the entire network presence, they must provide templates and tools that would enable a secure deployment. For example, deploying a new VPC should:
When planning a move to the cloud, it’s crucial that enterprises recognize and plan for potential pitfalls – shadow IT included. While these obstacles certainly come with their own sets of unique challenges, enterprises that find ways to use them to their advantage will come out on top.
Organizations must essentially decide to either cut out shadow IT altogether or integrate it. It’s a critical decision that requires both a look inward at the company’s current security posture, as well as a look forward at what it should be. Whatever the ultimate choice, understand the risks and potential rewards to avoid falling prey to this silent killer.
