Out of the Shadows: Making a Decentralized Approach to IT for Business
November 12, 2012 Leave a comment
- Flexibility is one of the prime benefits of a cloud-based IT consumption model, giving IT and non-technical employees capacity when they need it. This access to resources enables organizations to execute new projects quickly and respond to fast-changing market dynamics.
- This appealing model has risks for the IT organization – issues around manageability and control are a natural byproduct of shadow IT.
While cost reductions are often the main driver for cloud adoption today, elasticity and accessibility distinguishes cloud from traditional methods. Organizations of many sizes gravitate toward the cloud to make it easier for individual business units and employees to tap IT resources to support organizational goals. Cloud can facilitate a more improvisational approach to technology and project management, allowing even non-technical users to dial up and down server and storage capacity for short term or cyclical projects.
A downside to distributed and ad hoc IT delivery is shadow IT. Shadow IT can destabilize IT operations and risks integrity and security of critical corporate assets.
Unfortunately, policies that restrict access to cloud services may keep the best cloud attributes beyond reach of those that need them. And, as organizations that dealt with decentralized IT in the past have learned, an ultra-restrictive policy on cloud computing use may ultimately be unenforceable as users find ways around controls that block access.
So what can IT organizations do to balance accessibility and control? The first step is awareness of cloud activities, bad and good, in various departments. Is marketing relying on insecure cloud services for new campaigns? Are individual developers spinning up new public cloud servers to test a new accounting application? Are sales cutting expenses by using a new cloud-based travel and entertainment expense management application?
Next, set realistic policies with respect to cloud use. Perhaps listing sanctioned services, or at least baseline security, pricing, and performance criteria. Finally, communicating this information to employees in clear language. This is appropriate support in the rapidly changing playing field.