Whatever you call it — Shadow IT, Cockroach Technology, or Bring Your Own App — it is transforming IT, and organizations ignore it at their peril. Given the negative connotations associated with the first two terms, let’s stick with BYOA.
Like BYOD, BYOA is already a major factor in most organizations, and while it brings a lot of baggage, it also brings a lot of benefits. On the negative side there are network bandwidth, security, and governance issues, and on the positive side, there are speed, agility, and productivity advantages.
According to a new survey of 1,400 IT and business professionals, consumerized cloud apps have become both a challenge and a blind spot for many IT professionals. Key findings include:
- BYOA is here to stay: 70% of organizations have some presence of BYOA;
- IT significantly underestimates the scale of BYOA: they estimated they have, on average, 2.8 applications that were brought into the organization by employees, but the average is closer to 21 apps;
- Consumerization of Apps is accelerating: employees are bringing in their own applications because they’re unhappy with solutions provided by IT; more than 64% of the time, applications are brought in by employees when a solution already exists;
- IT is out of the loop: employees are consulting IT less than half the time when choosing these applications; then, even after IT endorses these employee-introduced applications, IT is rarely involved in provisioning or managing them; and,
- Security risks are inconsistently managed, if at all: only 38% currently have a policy in place.
Another new report involving more than 10,000 organizations highlights the risks associated with Shadow IT. “Whenever an unsupported service like Dropbox is used, you are exposing corporate data to an outside service,” said Kellman Meghu, head of security engineering at Check Point.
“Many of these services have terms of service that may be in conflict with the corporate requirements. For example, if you post corporate information to Dropbox, does it become the property of Dropbox? There is also the bigger issue of creating another point from which data can be stolen or leaked.”
Last year, a Frost & Sullivan study, sponsored by McAfee, found that more than 80% of the 600 respondents used non-approved software-as-a-service applications in their jobs — and IT employees were the worst offenders. “By ensuring the policy is being enforced, and high-risk applications are identified when they appear on the network, users can be guided to proper resources to accomplish what they need,” Meghu said.
In 451 Group’s Wave 4 Cloud Study, 50% of respondents had no formal process for onboarding users of external cloud services in accordance with IT policies, creating the threatening specter of Shadow IT. However, the research company also said Shadow IT is beginning to wane as cloud computing goes mainstream.
The emergence of the mobile-first enterprise that must also prepare for machine-to-machine (M2M) and the Internet of Things (IoT) technology is helping drive BYOA adoption, according to Richard Absalom, Senior Analyst, Enterprise Mobility, OVUM, in a recent blog entry. However, IT needs to provide the right tools or risk obsolescence.
“Individual employees and line of business managers are already bypassing the IT organization if it does not provide what they need, creating a large shadow IT environment. This has obvious risks in terms of creating new information silos and less interoperability between different parts of the business, not to mention data security and management. IT needs to demonstrate that it is the right body to manage such activity.”
CIOs and IT are seeing opportunities to finally be part of the revenue stream for the company, helped in part by Shadow IT coming out of the closet, according to a recent interview with Tom Roloff, SVP, EMC Global Services. “Shadow IT used to be the server under the business guys desk,” he stated. “Now it is swiping your credit card and spinning up software and infrastructure. Some can say it’s a terrible idea and let me show why it is not going to work. But embracing it is the CIOs that are bringing Shadow IT out of the closet.”
The bottom line is that IT can either be part of the solution or part of the problem. Trying to navigate down the middle of the highway will just result in roadkill.