Stealth Cloud – Arming IT Professionals with the Ability to Manage Shadow IT
It is imperative that the IT team is armed with the ability to manage and reduce this shadow IT as quickly as possible. The following are internal processes that might silently feed the stealth cloud, and should be monitored:
- Backup storage
When that shared data is corporate intellectual property, there are severe implications for security and management.
- Third party file transfers
This information generally should not be stored on third-party systems. If your company does choose to store it on a third party, you should wait until there is a contract in place to ensure the integrity, confidentiality, and availability of that data is guaranteed.
- Use of personal email and telephone
Not only does that damage the company’s brand (implying their systems are inadequate), it also puts more data outside the control of the company. Lack of control is particularly scary for a company when that employee quits or is terminated.
You may encounter a situation where your customers are still emailing an employee on their personal email account and their emails go unanswered – or worse – the employee goes to a competitor, and brings those customers with him.
- Website hosting
But if the employee in charge of this function leaves the company, you may realize you don’t even have ownership of the critical IP like the domain name, let alone the login credentials to try to manage the service. This could ultimately result in you losing control of a very valuable, intangible asset.
- Infrastructure and hardware
There has to be organization and a great deal of planning prior to deployment in order to reduce this risk. Hardware should also be monitored and planned for in order to ensure IT can support devices and that all devices are under regulation for a smooth migration.
Shadow IT presents significant risks to the business and challenges to IT when it infiltrates a business. With businesses embracing cloud computing like never before, it is becoming even more important to understand these risks as they often hide behind the immediate value certain services bring.
In theory, services such as online backup, project management, CRM, collaboration and social networking should be reducing the IT workload, working as an ally to IT; however, as we have shown above, specific applications cannot always be trusted with certain information.
Business users need to make cloud-based application buying decisions based on the right questions and planning. To learn more about which application metrics you should be looking at before migrating to the cloud, click here.