Inside The Shadows Of SHADOW IT

Inside The Shadows Of SHADOW IT

SHADOW IT 

Recent NASA audit report brings an interesting perspective on IT & Cloud Governance.

A recent report from the office of the inspector general of NASA regarding the adoption of cloud computing technologies across the organization provide an interesting look at the phases NASA is going in cloud computing adoption. NASA was a cloud pioneer with the development of OpenStack cloud platform and project Nebula for providing private cloud services. Currently 10% of NASA 1.5 Billion $ IT budget is spent on cloud computing, but the prediction is that in the next 5 years all NASA public data will move to the public cloud and 75% of all new IT program will begin in the cloud.

The Inspector General report uncovers that several NASA applications moved into the cloud without the knowledge and authorization of the office of the CIO. On one occasion, two moderate impact applications “moved to a public cloud and operated for 2 years without authorization, a security or contingency plan, or a test of the system’s security controls.”

On other occasions, the inspector general reviewed 5 different contracts for the procurement of cloud services and found they “failed to fully address the business and IT security risks unique to the cloud environment“.

Cloud governance is a challenge to all CIO’s. NASA is no different although one can imagine that if this is how things are for NASA (a respectable organization in all terms) then what is the situation for others?

Shadow IT is not a new phenomenon, but cloud computing surely contribute for it heavily. According to Gartner, in 2015, 35% of organizations overall IT spending will be managed outside of the IT department. Cloud offerings that target the business users of the organizations by providing fast flexible solutions without the pains of involving the IT department are responsible for the majority of those “hide from IT” spending.

Not everyone thinks that Shadow IT is bad. Some researches indicate that Shadow IT promote innovation in the business and allow the business users to reach their goals faster. PWC 2013 digital IQ survey demonstrates a strong linkage between being “strong performer” and reduced control on IT spending.

In NASA report, the inspector office finds that lack of “enterprise-wide cloud-computing strategy” caused some of the failures described in the report. The slow adoption of such a program resulted in systems migrating to the cloud without authorization or proper risk management process.

So what lessons should be learned from the report? That lack of cloud strategy is the worst possible option. The business users across the organizations will continue to search for fast and flexible solutions for their applications, and SaaS vendor will continue to target them and bypass IT functions. Lack of cloud strategy will result in application moving to the cloud without any authorization and knowledge of IT functions and probably without any risk management at all. CIO’s across the globe should understand that formalizing cloud strategy today is not an option, it is a must.

(Image Source: Shutterstock)

By Moshe Ferber,

Moshe Ferber is an entrepreneur and security expert, with 20 years’ experience in information security.  Mr. Ferber has focused on various aspects of cloud technology as an entrepreneur and investor. After founding cloud7, a Managed Security Services Provider, He is also invested in startups FortyCloud and Clarisite –  innovative solutions for information security and governance. For more information can be found at www.onlinecloudsec.com.

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as offer green/cleantech learning and consultive services around the world.

Our vision is to create awareness and to help find innovative ways to connect our planet in a positive eco-friendly manner.

In the meantime, you may connect with CloudTweaks by following and sharing our resources.

View All Articles

Sorry, comments are closed for this post.

Comic
Cukes and the Cloud

Cukes and the Cloud

The Cloud, through bringing vast processing power to bear inexpensively, is enabling artificial intelligence. But, don’t think Skynet and the Terminator. Think cucumbers! Artificial Intelligence (A.I.) conjures up the images of vast cool intellects bent on our destruction or at best ignoring us the way we ignore ants. Reality is a lot different and much…

Ransomware’s Great Lessons

Ransomware’s Great Lessons

Ransomware The vision is chilling. It’s another busy day. An employee arrives and logs on to the network only to be confronted by a locked screen displaying a simple message: “Your files have been captured and encrypted. To release them, you must pay.” Ransomware has grown recently to become one of the primary threats to…

InformationWeek Reveals Top 125 Vendors Taking the Technology Industry by Storm

InformationWeek Reveals Top 125 Vendors Taking the Technology Industry by Storm

InformationWeek Reveals Top 125 Vendors Five-part series details companies to watch across five essential technology sectors SAN FRANCISCO, Sept. 27, 2016 /PRNewswire/ — InformationWeek released its list of “125 Vendors to Watch” in 2017. Selected by InformationWeek’s expert editorial team, the companies listed fall into one of five key themes: infrastructure, security, cloud, data management and…

Part 1 – Connected Vehicles: Paving The Way For IoT On Wheels

Part 1 – Connected Vehicles: Paving The Way For IoT On Wheels

Connected Vehicles From cars to combines, the IoT market potential of connected vehicles is so expansive that it will even eclipse that of the mobile phone. Connected personal vehicles will be the final link in a fully connected IoT ecosystem. This is an incredibly important moment to capitalize on given how much time people spend…

Embedded Sensors and the Wearable Personal Cloud

Embedded Sensors and the Wearable Personal Cloud

The Wearable Personal Cloud Wearable tech is one avenue of technology that’s encouraging cloud connections and getting us all onto interconnected networks, and with the continued miniaturization and advancement of computing the types of wearable tech are always expanding and providing us with new opportunities. A few years ago, smartwatches were rather clunky devices with…

How To Humanize Your Data (And Why You Need To)

How To Humanize Your Data (And Why You Need To)

How To Humanize Your Data The modern enterprise is digital. It relies on accurate and timely data to support the information and process needs of its workforce and its customers. However, data suffers from a likability crisis. It’s as essential to us as oxygen, but because we don’t see it, we take it for granted.…

Why Security Practitioners Need To Apply The 80-20 Rules To Data Security

Why Security Practitioners Need To Apply The 80-20 Rules To Data Security

The 80-20 Rule For Security Practitioners  Everyday we learn about yet another egregious data security breach, exposure of customer data or misuse of data. It begs the question why in this 21st century, as a security industry we cannot seem to secure our most valuable data assets when technology has surpassed our expectations in other regards.…

Digital Twin And The End Of The Dreaded Product Recall

Digital Twin And The End Of The Dreaded Product Recall

The Digital Twin  How smart factories and connected assets in the emerging Industrial IoT era along with the automation of machine learning and advancement of artificial intelligence can dramatically change the manufacturing process and put an end to the dreaded product recalls in the future. In recent news, Samsung Electronics Co. has initiated a global…

LAVABIT, EDWARD SNOWDEN, AND THE LEGAL BATTLE FOR PRIVACY

LAVABIT, EDWARD SNOWDEN, AND THE LEGAL BATTLE FOR PRIVACY

The Legal Battle For Privacy In early June 2013, Edward Snowden made headlines around the world when he leaked information about the National Security Agency (NSA) collecting the phone records of tens of millions of Americans. It was a dramatic story. Snowden flew to Hong Kong and then Russia to avoid deportation to the US,…

The Security Gap: What Is Your Core Strength?

The Security Gap: What Is Your Core Strength?

The Security Gap You’re out of your mind if you think blocking access to file sharing services is filling a security gap. You’re out of your mind if you think making people jump through hoops like Citrix and VPNs to get at content is secure. You’re out of your mind if you think putting your…

Cloud Computing Checklist For Startups

Cloud Computing Checklist For Startups

Checklist For Startups  There are many people who aspire to do great things in this world and see new technologies such as Cloud computing and Internet of Things as a tremendous offering to help bridge and showcase their ideas. The Time Is Now This is a perfect time for highly ambitious startups to make some…

12 Promising Business Intelligence (BI) Services For Your Company

12 Promising Business Intelligence (BI) Services For Your Company

12 Promising Business Intelligence (BI) Services Business Intelligence (BI) services have recently seen an explosion of innovation and choices for business owners and entrepreneurs. So many choices, in fact, that many companies aren’t sure which business intelligence company to use. To help offer you a solution, we’ve compiled a list of 12 Business Intelligence companies…

Cloud Infographic – Guide To Small Business Cloud Computing

Cloud Infographic – Guide To Small Business Cloud Computing

Small Business Cloud Computing Trepidation is inherently attached to anything that involves change and especially if it involves new technologies. SMBs are incredibly vulnerable to this fear and rightfully so. The wrong security breach can incapacitate a small startup for good whereas larger enterprises can reboot their operations due to the financial stability of shareholders. Gordon Tan contributed an…

Are Women Discriminated Against In The Tech Sector?

Are Women Discriminated Against In The Tech Sector?

Women Discriminated Against In Tech Sector It is no secret that the tech industry is considered sexist since most women are paid less than men; there are considerably fewer women in tech jobs; and generally men get promoted above women. Yet the irony is twofold. Firstly, there is an enormous demand for employees with skills…

5 Ways The Internet of Things Will Drive Cloud Growth

5 Ways The Internet of Things Will Drive Cloud Growth

5 Ways The Internet of Things Will Drive Cloud Growth The Internet of Things is the latest term to describe the interconnectivity of all our devices and home appliances. The goal of the internet of things is to create universal applications that are connected to all of the lights, TVs, door locks, air conditioning, and…

Who’s Who In The Booming World Of Data Science

Who’s Who In The Booming World Of Data Science

The World of Data Science The nature of work and business in today’s super-connected world means that every second of every day, the world produces an astonishing amount of data. Consider some of these statistics; every minute, Facebook users share nearly 2.5 million pieces of content, YouTube users upload over 72 hours of content, Apple…