Special Coverage Series

Network Computing

Special Coverage Series


Shadow IT Reality Check: Survey Shows IT Pros Are The Worst Offenders

When it comes to unauthorized SaaS applications, IT professionals are some of the most prolific users, according to a recent survey.

Anyone who has worked in IT for any amount of time probably has a few guilty secrets about their own rogue IT activities. Shadow IT -- that is, using SaaS applications that have not received the blessing of the IT department or were not obtained in ways that are strictly above board when it comes to IT procedures and policies -- is everywhere, whether CIOs want to admit it or not.

In a recent survey by Frost & Sullivan's Stratecast group, more than 80% of respondents admitted to using non-approved SaaS applications as part of their day-to-day business activities. In fact, only 17% of IT employees are toeing the line when it comes to limiting their technology to corporate-sanctioned products. The survey, sponsored by McAfee, polled 600 IT and line of business employees in the U.S., UK, Australia and New Zealand.

Authored by Frost & Sullivan’s cloud computing program director, Lynda Stadtmueller, the study revealed that IT professionals themselves are by far the worst offenders when it comes to using unauthorized services. What’s more surprising is that IT holds itself above its own policies.

An incredible 91% of IT departments are currently using at least one unapproved SaaS app as part of standard procedure, and 25% are using six or more unauthorized apps. What’s more, about a fifth of individual IT users (19%) are also personally opting to break the rules in embracing a half dozen or more SaaS apps that aren’t sanctioned by the IT department, either officially or unofficially.

Why is IT breaking the very rules that it sets for the rest of the company?

“An IT person may feel more confident in their abilities. It’s very much an attitude of ‘It’s okay for me ... don’t you do it’,” Stadtmueller said in an interview this week. “In reality, that’s probably not true, especially when you have multiple IT people, each with their own specialties, each doing their own thing. It can be pretty risky.”

When it comes to corporate security, CIOs are right to be concerned about shadow IT. After all, not only does unauthorized software open the network up to malware and Trojans -- about 15% of all survey respondents either experienced or perceived a security “incident” -- but the logistics of managing versions and installed licenses can be a nightmare. Then there’s the potential for loss of secure information and risk of compliance -- an ugly situation no matter how you look at it.

[Read how startup Netskope aims to help companies control rogue use of cloud applications by employees in "Cloud Service Reins In Shadow IT."]

However, the prevalence of shadow IT speaks to a larger issue within the corporate culture. Employees turn to rogue IT solutions not for malicious or lazy reasons. In fact, the same survey respondents who were deploying unauthorized SaaS apps said that they had “high concern” for putting the company’s data at risk.

Quite simply, they turn to unauthorized SaaS apps because they just want to get their jobs done. “We saw no evidence that anyone didn’t care about the security risks or the welfare of the company,” Stadtmueller said. “Both IT and the LoB employees appeared to feel that their decisions were justified, that they were bringing greater value to the company. They’re thinking, ‘I got to do my job, I have to do it fast and I’m confident that the benefits will outweigh the risks.’”

A CIO’s first instinct is to simply lock down the network. That’s exactly the wrong response, according to Stadtmueller.

“The right answer isn’t to crack down. The answer is to find a security solution -- and the good thing about technology is that the answer exists somewhere -- that is broad enough to give employees the freedom that they really want,” Stadtmueller advised.

“Let them choose the software they really want within the right parameters," she said.



Related Reading


More Insights



Network Computing encourages readers to engage in spirited, healthy debate, including taking us to task. However, Network Computing moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. Network Computing further reserves the right to disable the profile of any commenter participating in said activities.

 
Disqus Tips To upload an avatar photo, first complete your Disqus profile. | Please read our commenting policy.
 

Editor's Choice

Research: 2014 State of Server Technology

Research: 2014 State of Server Technology

Buying power and influence are rapidly shifting to service providers. Where does that leave enterprise IT? Not at the cutting edge, thatís for sure: Only 19% are increasing both the number and capability of servers, budgets are level or down for 60% and just 12% are using new micro technology.
Get full survey results now! »

Vendor Turf Wars

Vendor Turf Wars

The enterprise tech market used to be an orderly place, where vendors had clearly defined markets. No more. Driven both by increasing complexity and Wall Street demands for growth, big vendors are duking it out for primacy -- and refusing to work together for IT's benefit. Must we now pick a side, or is neutrality an option?
Get the Digital Issue »

WEBCAST: Software Defined Networking (SDN) First Steps

WEBCAST: Software Defined Networking (SDN) First Steps


Software defined networking encompasses several emerging technologies that bring programmable interfaces to data center networks and promise to make networks more observable and automated, as well as better suited to the specific needs of large virtualized data centers. Attend this webcast to learn the overall concept of SDN and its benefits, describe the different conceptual approaches to SDN, and examine the various technologies, both proprietary and open source, that are emerging.
Register Today »

Related Content

From Our Sponsor

How Data Center Infrastructure Management Software Improves Planning and Cuts Operational Cost

How Data Center Infrastructure Management Software Improves Planning and Cuts Operational Cost

Business executives are challenging their IT staffs to convert data centers from cost centers into producers of business value. Data centers can make a significant impact to the bottom line by enabling the business to respond more quickly to market demands. This paper demonstrates, through a series of examples, how data center infrastructure management software tools can simplify operational processes, cut costs, and speed up information delivery.

Impact of Hot and Cold Aisle Containment on Data Center Temperature and Efficiency

Impact of Hot and Cold Aisle Containment on Data Center Temperature and Efficiency

Both hot-air and cold-air containment can improve the predictability and efficiency of traditional data center cooling systems. While both approaches minimize the mixing of hot and cold air, there are practical differences in implementation and operation that have significant consequences on work environment conditions, PUE, and economizer mode hours. The choice of hot-aisle containment over cold-aisle containment can save 43% in annual cooling system energy cost, corresponding to a 15% reduction in annualized PUE. This paper examines both methodologies and highlights the reasons why hot-aisle containment emerges as the preferred best practice for new data centers.

Monitoring Physical Threats in the Data Center

Monitoring Physical Threats in the Data Center

Traditional methodologies for monitoring the data center environment are no longer sufficient. With technologies such as blade servers driving up cooling demands and regulations such as Sarbanes-Oxley driving up data security requirements, the physical environment in the data center must be watched more closely. While well understood protocols exist for monitoring physical devices such as UPS systems, computer room air conditioners, and fire suppression systems, there is a class of distributed monitoring points that is often ignored. This paper describes this class of threats, suggests approaches to deploying monitoring devices, and provides best practices in leveraging the collected data to reduce downtime.

Cooling Strategies for Ultra-High Density Racks and Blade Servers

Cooling Strategies for Ultra-High Density Racks and Blade Servers

Rack power of 10 kW per rack or more can result from the deployment of high density information technology equipment such as blade servers. This creates difficult cooling challenges in a data center environment where the industry average rack power consumption is under 2 kW. Five strategies for deploying ultra-high power racks are described, covering practical solutions for both new and existing data centers.

Power and Cooling Capacity Management for Data Centers

Power and Cooling Capacity Management for Data Centers

High density IT equipment stresses the power density capability of modern data centers. Installation and unmanaged proliferation of this equipment can lead to unexpected problems with power and cooling infrastructure including overheating, overloads, and loss of redundancy. The ability to measure and predict power and cooling capability at the rack enclosure level is required to ensure predictable performance and optimize use of the physical infrastructure resource. This paper describes the principles for achieving power and cooling capacity management.