Monday, September 2nd, 2013
Cloud computing isn’t exactly rocket science, and, as NASA recently found out, that’s exactly the problem. According to an audit report that came out in the end of July, several computer systems within the National Aeronautics and Space Administration (NASA) were operating in the public cloud without the agency’s CIO knowing about or authorizing it. A combination of more technically savvy employees and the ease of setting up cloud computing services has led to a problem called shadow IT– when business units, in order to solve business problems that aren’t being addressed by internal IT departments, employ their own cloud initiatives outside the knowledge and supervision of the internal IT department.
1. Develop a clear and understandable policy.
Many departments that have engaged cloud computing solutions without the consent of the IT department have done so because they didn’t know they couldn’t. Companies need to address this problem with a clear policy and ensure that adherence is a priority within their companies. This means it needs backing from the C-suite and complete buy-in from the chain of command.
2. Ensure communication channels are open .
Often the reason behind shadow IT purchases happen because a particular department feels that their own IT department are not addressing their concerns. Ensure that communication channels from departments to IT are open and collaborative. Perhaps schedule dedicated monthly meetings to address these concerns, or have a person dedicated as the “go-to” person for cloud computing purchases. Which brings us to the next point…
3. Make it easy to employ a cloud solution .
Another reason many departments circumvent IT is that the process of approval takes too long and can be very cumbersome. Develop a concise and easy-to-follow process for getting approval to use cloud solutions. Also, IT departments can be proactive and develop a list of pre-approved cloud computing solutions that it has vetted.
4. Be vigilant .
Even with many of these ideas in place, there may still be a situation in which a business group begins using a cloud computing solution without IT’s approval. Not only can this pose a problem for the company’s internal systems (viruses, data corruption, etc.), but it could also hurt them from a financial standpoint if the shadow IT solution being used is not secure or somehow makes customer data vulnerable. Monitor proxy logs regularly to see which sites are being visited consistently to help try to identify possible unauthorized cloud computing violations. Also, check corporate card purchases. Most shadow IT deployments are charged to corporate credit cards and then expensed by the business unit.
Shadow IT is by no means a problem unique to NASA. In fact, according to Gartner, “by 2015, thirty-five percent of enterprise IT expenditures for most organizations will be managed outside the IT department’s budget.” However, with some pro-active steps, IT departments can force rogue IT purchases out of the shadows and regain control.