Cloud orchestration: the key to controlling shadow IT
In a snap poll taken at the Cloud Expo Europe event in London in March, 67 percent of those polled said that cloud computing services were being used without IT’s knowledge or involvement. This is shadow IT and it poses a considerable security risk to businesses.
A survey of Australian organisations suggests a similar figure here. The survey, undertaken by Red Hat Australia, found that only 13.3 percent of respondents had full senior management approval for their use of IaaS, PaaS, and SaaS. Another 12.7 percent said they were operating these technologies in pockets without any senior management approval.
Users often go direct to public pay-by-credit-card services like Amazon Web Services because they cannot get the speed and agility they need from existing, approved organisational systems.
Using these unapproved cloud implementations without the IT department’s oversight can make the business user’s job easy in the short term, but can lead to security breaches and additional costs, and can create IT silos. Only 30 percent of respondents to Red Hat’s survey reported no problems with cloud services.
Also if a particular foray into shadow IT provides significant business benefits its initiators are likely to want to take that application mainstream and there may be significant hurdles to overcome and investment required to do so. Thirty five percent of respondents to Red Hat’s survey reported difficulties getting cloud based services to inter-operate with existing IT.
That's the bad side of shadow IT. The good side is that the motivation is laudable. Shadow IT in most cases develops because the individuals and business units exploiting it are trying to build revenue, gain and retain customers, be innovative and grow the business.
According to Red Hat Australia, the use of shadow IT resources means that department heads are increasingly acting like chief information officers.
However, simply trying to block shadow IT is likely to be counter-productive and certainly will do nothing to enhance the standing of IT and that of the CIO amongst his or her peers.
The solution is for IT to take oversight of shadow IT, to act as gatekeeper to these resources, allow their use whenever possible and monitor usage. This way IT is able to know what cloud services are being used, for what purposes, what is being uploaded to the cloud and ensure there is no danger of the integrity of corporate data or to breach of regulatory requirements, for example to keep data onshore in Australia.
NTT Communications' Cloud Orchestration Tool makes that possible. Through a single pane of glass it provides you with visibility over private, public and on-premise infrastructure.
You can create a service catalogue that includes hypervisors from VMware, Red Hat (RHEV) and Microsoft (Hyper-V) as well as Amazon Web Services and other OpenStack based clouds.
Discover how you can give your users access to the IT resources they want, when they want them, without compromising the integrity and security of your corporate data. Contact NTT Communications for a free demonstration of our Cloud Automation and Orchestration solution: https://nttict.com/flexible-cloud-computing-solution