Out of the shadows

Shadow IT, the term given to the use of apps in businesses without the sanction of the company’s central IT department, is here. A study released by VMware of 3,000 office workers across Europe suggested that 37% of European IT decision...


Shadow IT, the term given to the use of apps in businesses without the sanction of the company’s central IT department, is here. A study released by VMware of 3,000 office workers across Europe suggested that 37% of European IT decision makers suspect staff have purchased cloud services without the IT department’s permission. The spend is estimated to be £1.4million per affected company.

Similarly, stats indicate shadow IT is going to stay. In that same VMWare study, nearly three quarters of IT decision makers across Europe suspecting off-radar cloud spend think it is beneficial. Of those, more than half (53%) noted that the ‘shadow app’ provided services that had been unavailable within the IT function. 38% noted that the ‘off-radar IT’ allowed the business to respond faster to customers’ demands. Employees are finding solutions in these shadow apps that allow them to do their jobs better.

Against this backdrop, how can IT wrestle back the control it needs? More specifically, how can IT departments do this without sacrificing the ability of business units and individuals to get the apps they want and need for work?

Problems that require a solution
To understand the solution, we need to first talk about some of the unique challenges created by shadow IT. Unmonitored, unsanctioned applications pose a serious threat for business networks and for business critical applications. Networks are like roads, operating at limited capacity. Inevitably shadow IT starts to compete with the business’s critical application traffic, putting core applications at risk.

Similarly, shadow IT cuts down on visibility for central IT departments. Unmonitored, unapproved, these ‘rogue’ applications operate on a sort of IT ‘black market’, one without any policing or regulation.

All these demands can be too much for legacy, static networks based on traditional ‘classes of service’ to cope with. The stress on networks from the mixture of applications, both monitored and unmonitored, puts the business’s key applications at risk. That same VMware study noted that 77% of respondents admitted shadow IT increases security threats.

Why blocking isn’t the answer

IT departments are struggling with how to handle shadow IT. To prevent shadow IT, companies need to deliver an excellent end-user experience with existing business apps. Yet even delivering high quality of service to the business apps, companies can’t avoid shadow IT. The growing usage of the internet implies that users will increasingly use applications coming from the cloud. Today is the era of consumerised apps.

In a study we conducted last year with Easynet, KillerApps 2013, we saw IT departments trying to handle one of the oldest types of shadow IT, social media, by blocking it altogether. 67% of European CIOs blocked Facebook. 49% blocked Twitter. These decisions were driven in part by a desire to free up the company’s bandwidth and IT networks, ensuring that business-critical apps were given priority instead.

Yet blocking isn’t the best solution. While it may stop the app from running over the corporate network, it can also impact and reduce employee productivity. The VMware study noted that employees engage with rogue apps to boost the competitive edge of their organisation, or to develop more efficient ways of working. Simultaneously, by limiting the resources and freedom available to employees, blocking shadow IT can create tension and frustration within the company.

So what can central IT departments do when networks are overloaded?

There are a couple options: IT departments could add more bandwidth, ‘developing the road’, so to speak; or they can install ‘police officers’ to monitor and control application traffic, and give first priority to business critical applications across their Wide Area Networks (WANs).

The first option is costly and often inefficient, making bigger pipes without really handling the problem and all the complications related to shadow IT. We often see that roughly 20% of a company’s bandwidth is used by business apps, while 80% is used by non-critical apps. This means that even as a company adds more bandwidth, this space will be used by recreational apps.

The second option relates to dynamic control, awareness, and overall application guarantees. IT departments need visibility of which applications are running across their networks. They need to be able to prioritise applications according to their business criticality. SAP, Oracle, and UC will receive top priority, while YouTube and Facebook will be ranked as low priority. Once these objectives are defined, the system has to adapt and adjust dynamically according to traffic and demand. No matter the increasing complexity, the company needs to be able to guarantee business application performance in all circumstances.

Let there be light
If we were to go back to the road example, these ‘police officers’ would be able to see key business critical applications as they travelled the network. They would be able to give a higher priority than other non-business traffic. This is where shadow IT comes in. By seeing which applications are flowing where, these police officers can monitor the ‘rogue’ apps. And then they can do something more: they can control them. In the same way the other apps were regulated based on the general amount of overall traffic and their priority, so can shadow apps can be controlled and authorised without impacting other business apps.

Here, IT departments aren’t stopping shadow IT. They are simply controlling it, and making sure new applications don’t interfere with key business tools. Employees can still use things like Dropbox, or YouTube, or any other tool that might help them in their job. Only they’re going to do it in a structured, transparent, and business responsible way. Indeed, those shadow apps that deliver business value, and that employees are using the most, can be incorporated and ensured by the IT department.

Simultaneously, by managing and monitoring all IP traffic, IT departments can communicate with staff to see why and how they’re using shadow IT. This will help the IT departments become more aligned with the business needs of end users.
The new reality is that shadow IT is happening. Companies have to be prepared to handle the new influx of apps and tools. They need to be in control. They need to know what these apps are, and what the end user is doing.

Béatrice Piquer-Durand, VP of Marketing, Ipanema Technologies

"Recommended For You"

Five ways to win friends among IT savvy staff Eight rules of network performance management