shadow-IT

Inside The Shadows Of SHADOW IT

SHADOW IT 

Recent NASA audit report brings an interesting perspective on IT & Cloud Governance.

A recent report from the office of the inspector general of NASA regarding the adoption of cloud computing technologies across the organization provide an interesting look at the phases NASA is going in cloud computing adoption. NASA was a cloud pioneer with the development of OpenStack cloud platform and project Nebula for providing private cloud services. Currently 10% of NASA 1.5 Billion $ IT budget is spent on cloud computing, but the prediction is that in the next 5 years all NASA public data will move to the public cloud and 75% of all new IT program will begin in the cloud.

The Inspector General report uncovers that several NASA applications moved into the cloud without the knowledge and authorization of the office of the CIO. On one occasion, two moderate impact applications “moved to a public cloud and operated for 2 years without authorization, a security or contingency plan, or a test of the system’s security controls.”

On other occasions, the inspector general reviewed 5 different contracts for the procurement of cloud services and found they “failed to fully address the business and IT security risks unique to the cloud environment“.

Cloud governance is a challenge to all CIO’s. NASA is no different although one can imagine that if this is how things are for NASA (a respectable organization in all terms) then what is the situation for others?

Shadow IT is not a new phenomenon, but cloud computing surely contribute for it heavily. According to Gartner, in 2015, 35% of organizations overall IT spending will be managed outside of the IT department. Cloud offerings that target the business users of the organizations by providing fast flexible solutions without the pains of involving the IT department are responsible for the majority of those “hide from IT” spending.

Not everyone thinks that Shadow IT is bad. Some researches indicate that Shadow IT promote innovation in the business and allow the business users to reach their goals faster. PWC 2013 digital IQ survey demonstrates a strong linkage between being “strong performer” and reduced control on IT spending.

In NASA report, the inspector office finds that lack of “enterprise-wide cloud-computing strategy” caused some of the failures described in the report. The slow adoption of such a program resulted in systems migrating to the cloud without authorization or proper risk management process.

So what lessons should be learned from the report? That lack of cloud strategy is the worst possible option. The business users across the organizations will continue to search for fast and flexible solutions for their applications, and SaaS vendor will continue to target them and bypass IT functions. Lack of cloud strategy will result in application moving to the cloud without any authorization and knowledge of IT functions and probably without any risk management at all. CIO’s across the globe should understand that formalizing cloud strategy today is not an option, it is a must.

(Image Source: Shutterstock)

By Moshe Ferber,

Moshe Ferber is an entrepreneur and security expert, with 20 years’ experience in information security.  Mr. Ferber has focused on various aspects of cloud technology as an entrepreneur and investor. After founding cloud7, a Managed Security Services Provider, He is also invested in startups FortyCloud and Clarisite –  innovative solutions for information security and governance. For more information can be found at www.onlinecloudsec.com.

CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in cloud connected technology information, resources and thought leadership services.

Contact us for a list of our leading programs.

The Lighter Side Of The Cloud - Without A Signal
The Lighter Side Of The Cloud - Machine Learning
The Fully Aware, Hybrid-Cloud Approach

The Fully Aware, Hybrid-Cloud Approach

Hybrid-Cloud Approach For over 20 years, organizations have been attempting to secure their networks and protect their data. However, have ...
How to Improve the Backup Success Rate of Data Centers?

How to Improve the Backup Success Rate of Data Centers?

Improve Backup Success Rate According to industry analysts, a significant number of backup jobs (from 5 to 25%) are failing ...
Part 2: Strategies for Securing Mobile Devices in a Cloud-based World

Part 2: Strategies for Securing Mobile Devices in a Cloud-based World

Part 2: Strategies for Securing Mobile Devices With workplace mobility now a way of life and companies investing in cloud-based ...
Finding and Implementing Startup Tools

Finding and Implementing The Right Tools For Your Startup

Implementing Startup Tools Many startups believe implementing cloud tools help reduce operation costs as well as the time taken to ...
Staying on Top of Your Infrastructure-as-a-Service Security Responsibilities

Staying on Top of Your Infrastructure-as-a-Service Security Responsibilities

Infrastructure-as-a-Service It’s no secret many organizations rely on popular cloud providers like Amazon and Microsoft for access to computing infrastructure ...
The Innovation of Automation Has Fueled the Fear of Machines Stealing Jobs

The Innovation of Automation Has Fueled the Fear of Machines Stealing Jobs

Automation and Job Creation What happens when humankind makes a machine more intuitive and efficient than itself? A wake of ...
Amazon to build new fulfillment center in Ottawa, create 600 jobs

Amazon to build new fulfillment center in Ottawa, create 600 jobs

(Reuters) - Amazon.com Inc said on Tuesday it planned to build a new fulfillment center in Canada’s capital Ottawa that would create more than 600 full-time jobs. The center, which is the company’s fifth in ...
New Rackspace Application Services for Databases: “Any Database, Any Deployment, Any Service Level”

New Rackspace Application Services for Databases: “Any Database, Any Deployment, Any Service Level”

Rackspace has been offering enterprise-class database services for more than a decade. Today, we’re taking that service to a new level, with our “any database, any deployment, any service level” approach, which meets customers wherever ...
Coupa selected by Zurich Insurance to transform its business spend

Coupa selected by Zurich Insurance to transform its business spend

SAN MATEO, Calif., July 12, 2018 (GLOBE NEWSWIRE) -- Coupa Software (NASDAQ: COUP), a leader in business spend management (BSM), today announced that Switzerland’s largest insurer and global top 100 company, Zurich Insurance Group (Zurich), ...