[EN} Shadow IT: Rampant, Pervasive, and Explosive, says Cisco
January 19, 2016
To shed light on shadow IT cloud use, we analyzed actual network traffic data and statistics garnered from Cisco Cloud Consumption Service engagements with large enterprise customers six months ago and again at the end of 2015. The conclusion: the shadow IT challenge is rampant, pervasive, and growing explosively.
Shadow IT is indiscriminate. It is found in every industry, in every organization (even those who block internet traffic), and in organizations of all sizes. The average large enterprise now uses 1,220 individual cloud services, up from 730 six months ago. That’s up to 25 times more than recognized by IT—who estimate that they are using 91 public cloud services. The number of cloud services used by large organizations has grown an astonishing 67 percent over the past six months, and 112 percent over the past year.
We’re essentially witnessing a democratization of IT. The business groups have spoken and they want the flexibility and innovation cloud services can deliver. There’s no turning back the clock here. In fact, a recent IDC study commissioned by Cisco clearly shows an optimized cloud strategy delivers dramatic business benefits. But only 10 percent of organizations have a proactive cloud strategy, with only 1 percent fully optimized. This means that 90% of the market has reactive, fragmented strategies.
Risks Hiding in the Shadows
The uncoordinated use of public cloud can leave the business open to a wide range of risks. Our customer engagements helped us identify the top five business risks:
As cloud services are increasingly used to support business operations, service disruptions can have a significant impact. Service disruptions can result from planned and unplanned outages, disasters, or from inability of a cloud provider to meet acceptable recovery times.
There is also a potential for a cloud provider to cease operations due to financially-based shut-down, acquisition, or other operational failure. Based on financial viability scores provided by Dunn and Bradstreet, we have found that 26% of cloud providers used by Cloud Consumption customers are ranked very high or high risk of ceasing operations in 12 months. That is one out of every four vendors! If a vendor you were using ceased operations, could you replace them quickly or retrieve your data in a timely manner?
With more critical data residing in the cloud, it is vital for organizations to ensure that business data (customer, employee, partner) is being protected from malicious acts. The first step is to ensure you are using vendors with a strong track-record of data protection and adequate policies. Could you identify vendors who might pose a risk to your data protection policies? The cloud can be extremely secure, but all cloud services aren’t created equal. You’d be surprised at how many high-risk vendors you might be using. Cloud Consumption customers discover they are using an average of 44 high-risk services.
CIOs are responsible for ensuring that cloud services being used by their organization follow policies that would keep the organization compliant with regulations as well as understand what services they are using might be included in an audit. Of the top 100 cloud services used by Cloud Consumption customers, 60% are subject to major regulatory compliance issues and contain data that would be subject to an audit. (The four major regalatory complaince issues are financial reporting/SOX, Protected Health Information/HIPPA, Payment Card Industry, and FedRAMP) If you have an audit coming up, would you understand what services might be included?
Increasingly, lines of business are making purchasing decisions often without oversight for IT. As every company becomes a technology company and budgets shifts to line of business, organizations are faced with runaway cloud spend. Why? They are spending money on redundant services and are facing hidden costs.
Do you know how much your organization is actually spending on cloud? Are you negotiating discounts on behalf of the entire business?
One of the quick wins our customer have found is around redundant cloud services. Organizations are often using multiple service providers that offer similar functionality. We have found that customers on average use:
92 hosting services to gain internet access
84 marketing and sales services
71 financial services such as banking and tax cloud applications and hosted insurance
61 compute services for running cloud-based systems
51 collaboration services like video & web conferencing, on-line training, education, and desktop sharing (not including social media)
46 cloud storage services to store unstructured data (not including backup and recovery)
37 office productivity services to produce documentation or manage projects
36 business intelligence services such as dashboards, reporting systems, scenario modelling, and data analysis
Organizations have ineffective capabilities to monitor performance against service level agreements and are challenged to determine if they are receiving what they paid for. This problem is magnified when lines of business rather than IT are overseeing negotiations and might not be aware of contract pitfalls. Do you know if your providers are meeting their SLAs?
"Based on financial viability scores provided by Dunn and Bradstreet, we have found that 26% of cloud providers used by Cloud Consumption customers are ranked very high or high risk of ceasing operations in 12 months."