What Keeps CIOs Up at Night? Shadow IT and Cloud Security
As employees become increasingly dependent on cloud technology for work, using cloud-based solutions and applications is fast becoming “the new normal” for enterprise businesses. While this trend is catching on incredibly fast, with research showing that 63 percent of companies use cloud services, it’s also causing a big headache for CIOs and IT leaders. According to a recent survey by Fruition Partners, more than 80 percent of CIOs in the U.K. worry that cloud adoption is loosening their organization’s grip on IT. However, their biggest fear lies in the ever-growing Shadow IT. Also known as Stealth IT, it is the ongoing practice of employees using consumer apps and SaaS (software-as-a-service) solutions at work, without their IT departments even knowing about them, let alone approving their use.
Why CIOs Lose Sleep Over the Cloud?
There’s a vast range of cloud-based apps currently used in organizations—from the basics like Gmail, Facebook, and Twitter, to cloud-based file sharing and storage platforms such as Google Docs, Dropbox, and iCloud. Then, there are the project management apps like Basecamp or Trello, as well as digital communication tools like Skype, Google Hangouts, and FaceTime.
A 2014 Frost and Sullivan survey revealed that an average company uses around 20 SaaS apps, at least seven of which are not sanctioned by their IT department. Plus, with trends like BYOD, telecommuting, mobility, and remote work, there are new devices entering (and exiting) the workplace constantly, leaving organizations—and IT departments—faced with challenges and risks concerning data security.
There is another side to the story. Cloud computing allows for efficient, easy collaboration, a huge benefit that helps organizations operate more quickly and more cost-effectively, ultimately resulting in bigger profits. This is one of the reasons why the CIO and the IT team, with their well-founded cyber security concerns, are often perceived by their business peers as “human bottlenecks,” hindering progress and innovation.
This leaves CIOs and IT holding a double-edged sword. A company-wide ban of non-approved apps could negatively affect employee productivity and job satisfaction. But, allowing apps—along with the possibility of a security breach or compliance violation—could see the enterprise suffer damage to both their bottom line and their reputation. CIOs and their IT teams today definitely face a conundrum unique to our era of rapid technological evolution.
What CIOs Need to Do
IT needs to stop waging an internal battle with other departments and let go of old-fashioned mindsets: “We’ve always done it this way” just doesn’t cut it any more. Instead, they should tear down the silos between IT and the rest of the organization. CIOs have an opportunity to be the driving force behind these changes, and must partner with their peers in the C-suite to develop companywide strategies around in-house digital and mobile, and the use of outside applications.
Instead of tightening their grip over IT assets and applications, today’s CIO should lead the charge toward developing clearly outlined policies governing cloud computing and SaaS usage. In most cases, employees don’t know whether a cloud application is IT approved or not—they use it because it’s convenient, familiar, and helps them get their jobs done faster. CIOs also need to build strategies around improving employee-awareness when it comes to high-risk applications.
IT will gain a better foothold on security if businesses embrace and adopt the latest technologies and services, and employees won’t find it necessary to venture outside their “IT walls” to access outside sources. The right managed service provider (MSP) can also help, by sourcing which applications employees prefer and use the most, and figuring out ways to either provide the same services in-house, or integrate those apps in a manner where IT can effectively monitor them.
To quote a recent VentureBeat article, “CIOs would be well advised to adopt a more progressive approach. Shadow IT highlights those areas in which IT is falling short of the needs of the employee. It should be viewed as a valuable asset, not as a threat. With a more progressive approach, CIOs could implement regulations that actually support shadow IT initiatives, helping them to understand employee grievances to achieve the right solutions.”
The solution lies in the CIO partnering with IT vendors and MSPs to introduce cloud services with best-in-class security capabilities and a great user experience. Today, “as-a-service” is the new business model, and the cloud is the new data center. CIOs and IT pros need to adapt, and adopt new ways to help employees reap the benefits of these trends. When that happens, you’ll be bringing Shadow IT out of the shadows, and into the boardroom.