Tuesday, May 7, 2013

Shadow IT: Don’t Let It Eat You Alive


Thursday, May 2, 2013 4:50 PMShadow IT: Don't Let It Eat You AlivePuppet LabsAliza Earnshaw

Whether you call it that or not, shadow IT is probably happening in your company right now.

Courtesy of Ghostwalker2061 on DeviantArt.com

Is your sales department using an online CRM? Are developers testing code in the cloud? Are people using offsite storage accounts they set up themselves?

These are common examples of people providing themselves with services they need to do their jobs, without asking IT for help. They do it because it's quick, cheap or free, and very easy: no need to fill out a ticket, and no waiting in a queue of equally urgent IT projects.

Shadow IT can pose a quandary for sysadmins, who worry about its implications for their companies – and for their own future:

  • How will these unauthorized applications and services affect the rest of our network and systems?
  • How secure are these outside systems? Will they pass muster with auditors?
  • Will the company providing a business-critical service still be around next year?
  • How well is our data backed up?
  • If everything is running in the cloud, how much does my company really need me?

Shadow IT Offers Real Business Benefits

Let's stand back for a minute, ignore the worries, and look at the benefits of shadow IT.

The number of tools and services available for every functional area of the business increases all the time. You, the IT operations manager, can't be an expert in every tool that people in accounting, marketing, procurement, manufacturing and facilities need or want to use. And it's difficult to provide and manage all the tools in a timely fashion: You risk becoming the company's bottleneck to productivity.

If you accept that people can and will download – and manage – what they need, that frees you, the sysadmin, to improve every business process in your company. Rather than creating and deleting accounts, and teaching people how to use every tool, you can help your colleagues by integrating tools, un-siloing data to create richer business intelligence. You can identify opportunities to refine processes, and even create innovations that give your company a competitive edge.

But you still can't turn your back on the potential risks of shadow IT. You need to have open, honest conversations with your colleagues. Offer to help them source services that are appropriate to their needs, robust enough to trust, and compliant with your security policies.

Address the Security Risks of Shadow IT

You probably understand security better than anyone else at your company. So help avert the risks of shadow IT by making sure they understand that installing technology means sharing responsibility for corporate security. Alert your colleagues to your policies around passwords, devices, data retention and fair use.

Make sure your colleagues share access information with IT, too. If a department uses a system you don't have access to, that team could find themselves locked out if the person who set it up leaves the company – or just goes on a cell-phone-free vacation.

Mitigate the Business Risks of Shadow IT

Your colleagues probably think the data they're generating in an offsite application will be there forever. They don't think about backing up that data in case the provider loses it, or goes out of business.

You can help your company by vetting the tools and services they're considering. You can check out which companies have proper backup, and which have avoided security breaches. You can also create redundant backup systems that are under your own internal control, so your colleagues can shift service providers when they need to.

Lift Your Job to a Higher Level

Automation is an important part of efficient, secure and dependable IT. If you automate routine tasks – whether they're on physical servers or cloud servers – you can be much more responsive to your colleagues' requests. You can also be more proactive on IT projects that make your company run better, and create real business value.

Here are just a few ways you can add value – if you have enough time:

  • Integrate SaaS systems so data can be shared across platforms and departments
  • Create dashboards that summarize data from different systems for faster, deeper analysis
  • Advise management on how long it might take to integrate the IT systems of a company they're looking to acquire
  • Speed up audits with reports that show your systems are dependable, secure and carefully tracked

So go ahead – enable your colleagues to embrace the tools that are out there. Use your expertise to help them make the right choices, make sure they understand and comply with your security policies, and automate, automate, automate. Then you can spend your newfound time on doing the strategic work that makes you, the IT person, more valuable than ever.

Looking for a better way to automate? We can help you get a quick start with Puppet Enterprise. Haven't downloaded Puppet Enterprise yet? Do it here.

Learn More

No comments:

Post a Comment