Mark Settle, Chief Information Officer, BMC Software
Employees today have wide access to outside IT resources that reside in the public cloud. Some examples include data analytics solutions and software development platforms. Because of the low upfront costs, ease of access with just a credit card, and fast delivery of resources, employees can obtain what they need on their own — without involving their organization’s IT department. This phenomenon is known as “Shadow IT.”
Shadow IT is not new. In the old days, before Amazon Web Services, people would find mysterious ways to get their hands on PCs that employees had left behind, and they would put PCs under their desks and turn them into servers. In many cases, the IT department was not aware of the presence of the PCs or the applications running on them.
Should IT organizations resist Shadow IT, or should they embrace it? From my experience as the CIO of a large software vendor, the best approach is to view external resources not as a threat but rather as a useful complement to internal resources. You must evaluate each service need individually to determine if it can be better served internally, externally, or through a combination of both.
There are certain workloads that are well-suited to the use of outside services, such as those that are transient in nature and require additional computing capacity. An example of this type of workload is scalability testing. Many BMC solutions are used by large enterprises; a commercial customer may deploy BMC’s server automation product (BSA) on tens of thousands of servers. Before we release updates or new versions of BSA, we perform scalability tests using BMC’s Cloud Lifecycle Management (CLM) platform. This involves taking the next version of the BSA product and implementing it on about 4,000 virtual machines. If we had to redeploy 4,000 virtual machines out of our total internal server pool of 13,000 machines, it would be hugely disruptive to ongoing software development activities. So it’s important to be able to use somebody else’s compute capacity temporarily, such as from Amazon Web Services, and get access to significant computation capability when it is needed. CLM serves as a gateway for provisioning access to Amazon Web Services resources.
Conversely, in some situations the use of outside resources is disallowed. For example, information privacy concerns in the financial and healthcare industries rule out the use of external resources for many applications. Most situations lie somewhere between these two extremes.
This article presents some important considerations for using external resources and discusses our approach to addressing them.
What motivates people to bypass IT
It’s important to understand why employees bypass IT in the first place. Some people in business or operations teams prefer to do things on their own. These are typically closet technologists who sit outside the IT organization and, regardless of the capabilities of IT, prefer to build applications or conduct analyses on their own. Many of these people started out in IT and then moved on to other organizations, but they still consider themselves technologists.
Another reason that people sidestep IT is that IT may not always respond to users’ requests in a timely fashion. When that happens, software developers may go to outside sources for their development platform. CLM provisioning, however, easily enables IT to respond quickly to developer requests for server and storage assets. This leads to satisfied users and eliminates the need to circumvent IT.
Potential issues of Shadow IT
Outside resources are seductively easy and economical to acquire. But several issues arise. First is the security risk. An application developer using an outside development platform may extract corporate data and move it outside the corporate firewall, violating company policy and exposing the information to unauthorized access. Conversely, a developer may create data in an outside resource and import it into the enterprise, resulting in considerable confusion in reporting and ambiguity as to where the data was mastered. Also, the services may not meet the user’s needs, or the user may not be configuring them properly to align with corporate best practices.
Shadow IT can also result in unnecessary costs. Unused internal capacity may have easily handled a job that was exported. Moreover, the person who exported the job takes on the responsibility of supporting it, and this may impact that person’s productivity in meeting his or her primary job responsibilities.
The road back to IT
In many cases, people who have resorted to shadow IT eventually come back to IT, and for a variety of reasons. In a classic scenario, a person outside IT has written an application and then leaves the company. People in the department using the application then solicit help from IT, saying “We have a Microsoft Access application that was written in-house, and it has become an integral part of our financial close process.” They need IT to help support that application.