Fast, robust deployments, little bureaucracy fuels shadow cloud use
- By John K. Waters
- Jun 27, 2017
Shadow IT is evolving as users move their work into the cloud.
After years of combatting use of cloud services like DropBox and Evernote, enterprise IT managers now find that the virtually unlimited compute and storage resources available in the cloud are luring researchers looking for low-friction ways to work with big data.
The cloud "offers a kind of instant gratification and nimbleness that is very good for research," said Erik Deumens, research computing director at the University of Florida, a large public research university in Gainesville.
Additionally, cloud providers market their offerings directly to government and academic researchers. Amazon's AWS Research Cloud Program promises to help them to "focus on science, not servers." Microsoft's Azure 4 Research program claims that its cloud platform "can help with almost any research computing task." Google sees itself as a supporter and participant in the research community, and promotes programs that provide funding for research enabled by the Google Cloud Platform.
These are effective pitches, and they're getting researchers' attention for obvious reasons: fast deployments and no bureaucracy, said Patrick Mungovan, VP of Oracle's Higher Education, Research and Academic Medical Center Technology Sales group.
"If you look at what cloud does, it can be an incredible enabler for university researchers," he said. "The types of research we're seeing these days cross a variety of disciplines, and a lot of them utilize sensor data and the internet of things, which generate a staggering amount of data. The cloud is really the only thing that provides the bursting ability that allows researchers to take on massive amounts of information and stand it up or stand it down, depending on what they want to do with it."
The ability to stand up a cloud environment in minutes without IT department oversight does come with risks. According to IT industry analysts at Gartner, by 2020 more than a third of successful attacks on organizations will be accomplished through their shadow IT resources. But it's important to keep in mind that Gartner's prediction isn't a knock against cloud computing, per se, but a reminder of the risks posed by IT assets that are essentially invisible to the IT department.
"The thing that people forget," Deumens said, "is that once you get a virtual machine from Amazon, you own it and you're responsible for its configuration and its system administration. That's okay if all you have are simple problems, but what happens when bigger problems arise, when security is not done properly, when patches aren't applied, or when there are new mandates on properly managing restricted data? Some of this stuff is really hard, and that's when shadow IT becomes a real risk."
Gartner's prediction suggests that shadow IT will be with us for the foreseeable future, which makes old strategies for rooting out and eliminating unmanaged technologies seem like futile exercises. In fact, Gartner recommends establishing a culture of "acceptance and protection versus detection and punishment" to organizations looking for solutions to their shadow IT challenges.
"Don't think about limiting access, but filtering access and establishing a base-level control gate," Mungovan suggested.
A longer version of this article was first posted on Campus Technology.
John K. Waters is a freelance writer based in Silicon Valley.