'Bring Your Own Cloud' Leads To Chaos, Inefficiency
By Ken Lienemann
The “shadow IT” phenomenon is accelerating, largely because cloud applications are easily and quickly self-provisioned. Employees and business units can sidestep IT processes and scheduling backlogs; why wait for IT to develop custom applications or evaluate and procure commercial systems to fulfill specific needs when you can simply expense a cloud service? This reality has given rise to the "bring your own cloud" phenomenon.
As a result, companies are adopting cloud services at a rapid pace — often with little visibility into the extent, risks or true cost.
There’s an alarming lack of awareness around the proliferation of unauthorized cloud use and how these applications are sourced. According to a recent survey by IDG Research Services, while 51 percent of participants express confidence that they have visibility into the use of cloud services, more than 40 percent admit such use is often discovered serendipitously during maintenance or upgrades of other applications. Additionally, 28 percent found out about cloud services when users contacted company helpdesks seeking support; 25 percent say expense-report reviews turned up unauthorized provisioning. Moreover, a report by the Cloud Security Alliance says that outside vendors observe more than 500 cloud apps on average, per enterprise — even in organizations believing they have an average of 23 applications running in the cloud for business use!
In this chaotic cloud environment, employees fail to adhere to IT policies or, in many cases, are acting in the absence of an IT policy. The results: unknown risks, lack of accountability, and rampant inefficiencies.
More than half of respondents in the IDG survey report that gaining visibility into cloud deployments and inventory across the enterprise is their biggest cloud management challenge, and it’s an area where partners have an incentive to help. A lack of visibility into cloud use means enterprises are paying far more than they should be; those are funds that are not going to new IT initiatives.
Beyond cost and efficiency issues, unsanctioned cloud use also creates uncertainty over whether network and data security could be compromised. Almost two-thirds (64 percent) of survey respondents cite potential security risks of unauthorized deployments as their top concern stemming from limited visibility into cloud deployments. Other worries include overlapping capabilities and services deployed across departments – for example, the marketing team could be using Box, while HR is using Dropbox and the legal department is using an enterprise-class cloud storage service like IntraLinks Via.
Solving BYOC and Shadow IT
Without intervention, your customers may find themselves mired down with bloated infrastructures, poor performance, and a lack of control over security. With shadow IT applications in the mix, IT often doesn’t know where all that expensive WAN bandwidth is going.
While the lure of BYOC is clear, it’s also important to highlight the risk it can bring for employees. If corporate data is accidentally leaked, whether through carelessness or a personal account being hacked, employees can face termination while the company takes a black eye and, again, must divert funds for cleanup.
If customers do decide to allow end users to bring their own cloud applications, it’s important that you help them ensure the services have the necessary controls to keep data safe, including understanding the terms and conditions of the service as to what rights the application has to the data.
The fact is, many cloud applications lack the security controls necessary to be enterprise ready. Partners need to help IT teams be prepared for what they don’t know. At minimum, advise customers to:
- Constantly be on the lookout for traffic indicating new applications and services that might affect the enterprise.
- Take inventory of all the cloud applications employees are currently using and determine how each affects the integrity of the company’s data. Share this info with employees and business leaders so everyone understands the risks.
- Partner with the CFO and finance to look at each department’s budgets and expense reports and determine which applications and services are being used without IT’s knowledge. This can yield eye-opening information that can be used to make strategic decisions about what services are necessary and how many seats are needed.
- See whether there’s a secure, enterprise-class option either already in place or available. Without centralized visibility, it is easy to lose track of licenses, so they sit idle rather than being reassigned while the company is still being charged. From a security perspective, with no controls or visibility in place, former employees may be able to retain login privileges and access proprietary information long after they’ve departed.
Ken Lienemann is the SVP of marketing at Tangoe and brings over 16 years of experience. Based in Atlanta, Ken is a graduate of West Virginia University with a degree in Mechanical Engineering.