Keep a beady eye on your business's cloud service shopping If you believe the hype, it is only a question of time before every Tom, Dick and Harriet in your organisation becomes a tech decision maker who can spend your company's money, with the power to do so a mere click away. “Shadow IT”, the term emerging to describe the buying of IT and technology services without any central …
“People can go to a site, sign up to the Ts and Cs and subscribe to services with a credit card, bypassing IT. It is a reality,”
If it is their credit card why should the company worry about the cost.
In my company there is no way that any one individual can charge anything to the company credit card. To do so the have to get a signed authorisation from their department head, then take it along to the chief bean counter who will do the paying.
Firstly, even if the employee paid for the work related expense (and hopefully tried to claim it back later, to provide a trace) he has effectively introduced a new IT service or application into the company's infrastructure, which may or may not be a good idea.
Potentially happy scenario and outcomes:
1) Marketing department builds its own web server on Azure or MAAS (after begging for months). Successfully deploys new product offering, which then goes viral, raises revenues and everyone goes home in a Limo. Luddite CIO and board finally relent and define a new policy whereby individual departments will be allowed to use and manage IaaS or PaaS offerings, or even better, the existing IT department gets with the program and starts to successfully manage and deploy solutions for this type of service requirement.
Potentially unhappy scenario and outcomes:
1) A marketing (or other department) does the same as above. Employees then store valuable IP or embarrassing internal correspondance and docs on a poorly secured cloud server. Server gets hacked, company has massive egg on face and hopefully the right idiots are shown the door. CIO and board say "told you so!" and impose massive lockdown and witchhunt for anymore shadow IT. No one ever pronounces the C word again under penalty of death. Needless to say, the company somehow never discovers a way to put cloud services to good use.
Shadow IT and cloud (although I hate that word) technology can be successfully or poorly managed, just like any other tech. The secret is to find out where an XaaS technology or strategy can really add value, design a good solution, deploy it correctly and then manage it.
What makes this so hard to understand?
Having been on both sides now, I sympathise with both to some extent. I've seen Ethernet bodged in on the cheap by an electrician (coax in those days, and it didn't take kindly to getting stapled to the wall), departments balking at a tenner a month for their department's server to be included in the tape robot's nightly to-do list (then getting billed £500 for my time scraping the data off said server when it died suddenly with no backups) ... and I've been on the outside, seeing my department quoted thousands for a few hundred extra Gb of disk, thousands more for the use of an existing GbE port on an existing switch, a hundred a year to register a .uk domain.
TL;DR: In-house service provision should at least keep pace with what online services can offer the general public - and stop client departments ending up buying third-rate junk, too.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
