Delivering the right technology solution at the right time and on budget has been the overriding challenge for CIOs for nearly as long as technology has been a part of the enterprise. With the availability of seemingly cheap and easy cloud based solutions, departmental IT issues are being addressed by the departments themselves rather than through what is sometimes seen as Byzantine specification development requirements.
Alan Conley, CTO, Zenoss offers his perspective on what he terms BYOC (Bring Your Own Cloud) in the enterprise.
"The emergence of cloud computing and BYOC/BYOD in the workplace has made it easier for employees to optimize their productivity and effectiveness, however, it has also given rise to a new set of challenges for IT. IT has a choice to either embrace shadow IT or they can reject it. IT organizations who reject shadow IT run the risk of being branded as an impediment to success and find themselves fighting a battle that cannot be won."
Conley continues; "There are tangible benefits that BYOC/BYOD bring to the table, but their adoption and proliferation needs to be controlled. Otherwise, IT staff and your network will be blindsided as untested technologies are unleashed. Uninformed personnel can unknowingly bring in technologies that violate compliance mandates, threaten service level agreements, and introduce unknown vulnerabilities to organizations. By playing the part of a knowledgeable enabler, IT can help businesses to embrace and take advantage of emerging technologies, without the risk of unwanted consequences..
"In order to effectively manage shadow IT, the first step for organizations is to identify it. When organizations lack insight into what tools their employees are using and purchasing in the workplace, it becomes a cat and mouse game of figuring out what is hitting the network. The second step is to control it. Organizations can achieve this through a combination of Whitelists, whereby unauthorized applications cannot run on company issued assets, as well as notification tools, which inform and alert IT if an employee tries to run an unauthorized app. With some proactive readjusting, IT can enable users while mitigating the risks that are associated with third-party apps and services in the workplace."
What do you think of Conley's cautious attitude towards Shadow IT? How do you go about Shadow IT at your company?