Businesses Underestimate Shadow IT, Cisco WarnsBy Gina Roos | Print
Businesses that don’t deal with shadow IT, which is pervasive in many industries, will face increased security risks, compliance concerns and hidden costs.
Cisco recently shared data results based on its customers’ public cloud usage, including the issue of shadow IT, and the numbers aren’t pretty. One major finding shows that companies are using as much as 15 to 22 times more cloud services to store critical company data than CIOs realized. The reason behind the mounting problem is the explosion of cloud services that are accessed by employees without the IT department’s authorization.
IT organizations estimated that their companies are using an average of 51 cloud services for business purposes, including Salesforce.com, Amazon EC2, Cisco WebEx and ADP for payroll. However, in reality, the average is 730 cloud services, according to the data. The average number of cloud services increased from 575 during the second half of 2014 to 730 in the first half of 2015, increasing 27 percent over that time period.
The data is based on Cisco Cloud Consumption Service engagements with large enterprise customers globally from January 2013 to July 2015. The study reveals usage data from customers’ networks that represent millions of users.
The study also shows how pervasive shadow IT is across industries—health care, financial, education, public sector, manufacturing and retail; how employees are using cloud services; and the substantial risks that companies are incurring without even knowing it, according to Robert Dimicco, global leader and founder of Cisco’s Cloud Consumption Service practice.
Dimicco said organizations were surprised by the numbers. "We show them the data—users, cloud services, when it was accessed, how much traffic was going to it and time of day. It’s irrefutable evidence that changes their perspective," he explained. "Based on these numbers, it’s clear that employees and lines of businesses want more choice and greater speed and agility, and they are going around IT to get it."
A couple of years ago, CIOs were primarily focused on their data centers, but now there are applications and services that reside in the cloud, as well as applications, services and devices at the edge that are part of the overall Internet of things, Dimicco pointed out. As a result, he said, one of the bigger problems the CIO is facing is shadow IT.
Cisco’s definition of shadow IT is when line-of-business employees or departments are using the following technologies without the knowledge of the IT organization: public clouds; software-as-a-service (SaaS) solutions, such as Salesforce.com; publicly available platform-as-a-service (PaaS) technology, such as Microsoft Azure; or publicly available infrastructure-as-a-service (IaaS) solutions, such as Amazon EC2.
The problem, Dimicco said, is that if CIOs don’t know what tech solutions are being used, the applications and services can’t be managed. Also, the IT organization will have to deal with the security issues and costs resulting from these shadow apps and services.
Some of these cloud services are risky. For example, enterprise resource planning (ERP), finance and accounting, customer relationship management (CRM) and human capital management contain data that includes personal employee and customer records, supply chain information, pricing data, financial information and intellectual property.
Using Multiple Vendors
Another issue the research raised is the use of multiple vendors—sometimes as high as seven—for the same type of service. For example, some customers were using several collaboration services including Cisco WebEx, GotoMeeting, Microsoft Skype and Microsoft Lync.
"It’s happening because anyone with a browser and a credit card who wants to get a new app or try out a new productivity tool can go to the Web and provision themselves as a user within minutes," Dimicco said. "They haven’t had to wait weeks and sometimes months for the IT organization to give them access to a given app or service."
This, alone, can lead to additional costs. Cisco’s research indicates that the cost of the public cloud is four to eight times higher than the cost charged by the cloud provider because there are additional or hidden costs, including business risk, integration, security and networking. These are part of the invisible costs for companies.
This is where Cisco can help through its Cisco Cloud Consumption Services. The organization helps a business identify all the public cloud services—SaaS, PaaS and IaaS—they are using, help them govern those services, manage the risks and put a cloud strategy in place.
Organizations can create a catalog of all the services authorized and approved by IT that employees can use to access these services, said Dimicco. “This still gives a tremendous choice to the lines of business, but they now are going through a catalog to access these services so the IT department knows what risks are being incurred, and what spending is taking place,” he explained.
Cisco’s Cloud Assessment analysis gives the CIO the data to choose which applications should run in private clouds and which should be housed in public clouds, as well as how to implement a single operational hybrid cloud. For midsize companies, the company offers Cisco Cloud Consumption as a Service. It is an annual software subscription that helps customers discover which cloud services are being used in the organization, identify potential risks and predict future cloud needs.