Stealth Cloud – Arming IT Professionals with the Ability to Manage Shadow IT

There are public clouds, private clouds, community clouds, and hybrid clouds – and now, a recent term has been coined for “the stealth cloud”. As the name suggests, it is a secretive, sly cloud of information gathered from shadow IT and shared by business users without the knowledge or support of the IT department.

It is imperative that the IT team is armed with the ability to manage and reduce this shadow IT as quickly as possible. The following are internal processes that might silently feed the stealth cloud, and should be monitored:

  1. Backup storage
Data storage in the cloud is one of the most common ways shadow IT can infiltrate your organization. Think of services like Google Drive that give users a quick and easy way to store files, sync them between computers, and access the data from anywhere.

When that shared data is corporate intellectual property, there are severe implications for security and management.

  1. Third party file transfers
There are dozens of services online like YouSendIt or DropBox that will let you upload a large file to a browser and send a link to someone, who would then be able to download it. This seems harmless, but when that large file is a company’s customer list, payroll data, or any other sensitive data it becomes a little more threatening.

This information generally should not be stored on third-party systems. If your company does choose to store it on a third party, you should wait until there is a contract in place to ensure the integrity, confidentiality, and availability of that data is guaranteed.

  1. Use of personal email and telephone
For compliance, security and privacy reasons, as well as to protect their brand, most companies require employees conduct business using the business’s email system and phone lines. However, sometimes employees will continue to use their personal email and phone resources to attach files and connect using their personal devices because they think the company’s system is slow or inefficient.

Not only does that damage the company’s brand (implying their systems are inadequate), it also puts more data outside the control of the company. Lack of control is particularly scary for a company when that employee quits or is terminated.

You may encounter a situation where your customers are still emailing an employee on their personal email account and their emails go unanswered – or worse – the employee goes to a competitor, and brings those customers with him.

  1. Website hosting
Sometimes a business unit goes completely outside of IT to use a product-specific website with a third-party hosting provider. This provider then handles the name registration, site development, etc.

But if the employee in charge of this function leaves the company, you may realize you don’t even have ownership of the critical IP like the domain name, let alone the login credentials to try to manage the service. This could ultimately result in you losing control of a very valuable, intangible asset.

  1. Infrastructure and hardware
Most corporate IT is moving towards IaaS (Infrastructure-as-a-Structure). Sometimes, during the journey to migration, there are disagreements surrounding the best environment for data systems to be migrated to. If these disagreements are not resolved in time, there is an opportunity for projects to be deployed on incorrect, even multiple, infrastructures.

There has to be organization and a great deal of planning prior to deployment in order to reduce this risk. Hardware should also be monitored and planned for in order to ensure IT can support devices and that all devices are under regulation for a smooth migration.

Shadow IT presents significant risks to the business and challenges to IT when it infiltrates a business. With businesses embracing cloud computing like never before, it is becoming even more important to understand these risks as they often hide behind the immediate value certain services bring.

In theory, services such as online backup, project management, CRM, collaboration and social networking should be reducing the IT workload, working as an ally to IT; however, as we have shown above, specific applications cannot always be trusted with certain information.

Business users need to make cloud-based application buying decisions based on the right questions and planning. To learn more about which application metrics you should be looking at before migrating to the cloud, click here.