SAM and Shadow IT in the Cloud

July 26, 2018
Gabe Honesto

Consumers have become accustomed to having technology available to them instantly. When an issue arises, chances are that a quick search will yield an application or solution that can solve the problem in a more efficient way than if done manually.

This same mentality, known as IT consumerization, has permeated the workforce. If an individual, or even an entire department, has an issue, they find a solution that will help streamline or automate the process and begin using it within their corporate networks. The solutions that employees independently purchase are known as shadow IT.

What is Shadow IT?

Shadow IT refers to technology that has been procured outside of official organizational channels and is therefore not managed by the IT team. Though these solutions may help to optimize employee workflows, shadow IT can also put organizations and their data at greater risk.

With the increase in cloud adoption and the prevalence of SaaS applications, shadow IT has become even more widespread across industries. Cloud-based solutions are easy to access and pay for, causing an exponential increase in the number of different cloud solutions used by employees. A recent survey revealed that 96 percent of enterprises use the cloud, whether public or private, with Azure adoption growing fastest. Organizations run applications in an average of 4.8 clouds, and a separate study found that 48 percent of users use applications not sanctioned by IT.

Additionally, as IT teams transition workflows from on-premises data centers to the cloud, they have to manage their inventory and entitlements to ensure they are not over- or under-provisioning their cloud investment. Plus, for regulatory reasons, many must keep an up-to-date inventory of the applications within their network. However, if they are unaware that an application is being used at the organization, they cannot manage it. This is why many businesses are turning to Software Asset Management (SAM) to help mitigate the effects of shadow IT.

SAM in Cloud Environments

With the advent and adoption of cloud, SAM programs seemed unnecessary to organizations. This is because SAM has long been associated with avoiding software piracy and costly software audits. The scalable subscription model used by many cloud applications makes it simple to increase and pay for licenses, lessening the perceived need for SAM.

However, SAM programs are still pivotal in cloud environments, especially as instances of shadow IT grow. Aside from governance, SAM can help manage other risks brought on by shadow IT, namely security, compliance, and spend.

  • Security

Shadow IT presents many security risks to organizations. When IT teams have no way to manage the use of these applications, they cannot ensure they are up to date with necessary patches. They also have no visibility into where data is being stored, or whether it is encrypted. This can lead to a data breach or data leakage, as 18.1 percent of documents uploaded to cloud services contain private information. If an unsanctioned application has a vulnerability, this could be an easy entryway for a data breach.

  • Compliance

Similarly, organizations in many industries are bound to regulatory compliance standards, such as the impending General Data Protection Regulation (GDPR), which imposes strict regulations on how data in the EU (or data held by companies that conduct business with clients in the EU) can be shared and stored. As IT teams amplify security in on-premises and cloud environments to ensure compliance, their lack of visibility into shadow IT could place them out of compliance, leading to crippling fines. For example, if an employee were storing restricted data on their own SaaS storage platform, this could lead to noncompliance with data regulations.

  • Spend

SAM has always been focused on optimizing spend. Cloud use can offer savings; however, it can also present companies with unforeseen costs. With shadow IT, this commonly occurs when business units purchase a solution for the department without going through procurement channels. This leads to additional consumption that had not been accounted for in the budgets and prevents the procurement team from maximizing volume discounts.

Final Thoughts: Mitigating Shadow IT with SAM

It is unlikely that IT teams will be able to fully stop instances of shadow IT from occurring. For many, the solution has been to account for cloud overprovisioning in their budget and increase security controls. However, the most effective way to stop overspend and get an understanding of the threat landscape is through asset discovery in both on-premises and cloud environments.

Effective cloud management requires knowledge of what applications are in use and how they are used. Failure to manage cloud application usage can result in costly problems ranging from data breaches and loss of intellectual property to increased licensing costs and missed savings in procurement. SAM allows organizations to discover and monitor usage across distributed environments to ensure these problems don’t impact your business.
