how to bring shadow it to the light
TRANSCRIPT
2
A dynamic in which end users obtain IT solutions from cloud
service providers without informing Corporate IT.
What is Shadow IT?
www.rackspace.com
3www.rackspace.com
Why Does Shadow IT Exist?
• Flexible solutions• Faster delivery• Greater freedom
End Users Want...IT Leaders Want...
• Control of all computing assets and information to
- Protect data- Reduce business risk
5
www.rackspace.com
Yet...
2014 State of the CIO Survey
(722 IT leaders surveyed)
IT leaders said they feel IT projects done without
IT involvement are creating problems.
4 5OUTOF
7
$
According to Gartner, 80-85% of most enterprise IT budgets are consumed just by “keeping the lights on.”
Because cloud delivers time and cost benefits, IT leaders must take a balanced view so as not to be seen as a barrier to innovation
Step 1. Take a Balanced View of Shadow IT
www.rackspace.com
8
Consider the ideal outcome
•Users= Cloud services with IT support, should issues arise
• IT = Minimal security risk; IT as a service broker
Business gets flexible, on-demand cloud services that adhere to IT’s high standards of security and data governance
Step 2. Define What It Means to Bring Shadow IT into the Light
www.rackspace.com
9
50%+
PWC Survey, 2011
Shadow IT is prevalent in most organizations
Step 3. Quantify the Shadow IT in Your Enterprise
www.rackspace.com
20%
CIO Estimates2013
35%
Gartner Predictsby 2015
40%
CEB Survey, 2013
Sources: ComputerWorld UK, Gartner, Forbes.com, ComputerWorld
The Size of Shadow IT – Four Estimates
10
Step 3. Quantify the Shadow IT in Your Enterprise
www.rackspace.com
Easy tactics to evaluate your Shadow IT problem:
1. Review bills with the cooperation of your accounting department – Accounts Payable and expense reports will typically reveal ongoing cloud services charged to the company.
2. Use a network scanning and detection tool – Apps have been written expressly to help IT teams uncover shadow IT
3. Examine your actual outbound traffic reports – Look for large, frequent or unexplained interactions with off-premises services
11
Step 4. Educate Teams About the Business Risks
www.rackspace.com
• Average cost of a data breach to a U.S. company was $188 per compromised database record
• Average cost of lost business to U.S. companies was over $3m per incident
2013 Cost of Data Breach Study
12
Step 4. Educate Teams About the Business Risks
www.rackspace.com
Sample internal education efforts• Write and publish IT security warnings to company intranets• Compile threat statistics into charts and disseminate them at management meetings
• Most effective – An informal 1:1 IT?LOB meeting to explain the risks
13
Step 5. Meet Individually With Each LOB Manager
www.rackspace.com
Meeting goal – Understand how IT can enable a group of business users to use the cloud safely
Sample 1:1 IT/LOB Meeting Agenda• We know some of your people are using cloud services without IT’s approval• Here is the risk to the company:
–A big part of IT’s job is to safeguard the data with which we’re entrusted
–We’d like to find a way to give your people what they need, while we do our job of protecting our data
14
Step 6. Consider Data Security Options
www.rackspace.com
Establish a cloud governance framework to evaluate all prospective cloud providers
Only vendors that meet these published security standards can earn a spot on the list of company-approved cloud service providers (CSPs)
15
Step 6. Consider Data Security Options
www.rackspace.com
Six common architectural elements proven effective in safeguarding sensitive data in the cloud:• Dedicated Firewall – First line of defense against external attack
• Intrusion Detection System – Real-time IT visibility into potential threats
• Vulnerability Assessment – Identifies exploitable weaknesses in the system
• Web Application Firewall – Blocks non-essential traffic from reaching application layer; protects apps from malicious code
• Load Balancers – By normalizing TCP traffic, lessens the vulnerability of any individual server; easier to detect evasion network attacks
• Log Management – Beyond audit and accountability, logs help IT respond to attacks and shorten recovery times
16
Step 6. Consider Data Security Options
www.rackspace.com
More details available in white paper:
“Reference Architecture:
Enterprise Security in the Cloud.”
http://www.rackspace.com/blog/reference-architecture-enterprise-security-for-the-cloud/
17
Step 7. Publish an Official Catalog of Supported Apps
www.rackspace.com
• Categorize catalog by department and cloud functions
• Provide clear, step-by-step instructions on how to provision a new instance
• Include list of managers with authority to purchase cloud services and assign permissions to users
• Make popular apps available through your enterprise portal or set up an enterprise/company app store
18
Step 8. Keep Up the Momentum
www.rackspace.com
•Continue to meet with LOB managers to assess satisfaction with the selection of cloud services available in your catalog or portal
•Anticipate and pre-offer cloud services, based on the most-requested features
•Repeat steps 3, 4 and 5 quarterly
When You Bring Shadow IT into the Light
Greater agility and the confidence that acceptable standards of security and compliance are
maintained
IT Leaders Gain… End Users Gain...
Greater agility and the confidence that they can access the apps they
want and need on demand
21
Next Steps...
www.rackspace.com
Rackspace consultants have years of experience helping CIOs get control of Shadow IT, while giving managers and end users the services they want.
Contact Rackspace or read more at:
How to Bring Shadow IT into the Light - White Paper
Call Rackspace at 800-961-2888 to get started today.
22www.rackspace.com
About Rackspace
9 Worldwide Data Centers
5,000+ Rackers
200,000+ Customers90,000+ Servers26,000+ VM
70 ≅ PB Stored
Global FootprintCustomers in 120+ Countries
Portfolio of Hosted SolutionsDedicated - Cloud - Hybrid
Annualized RevenueOver $1B
60% 100OFTHE
We Serve FORTUNE®
OV
ER
23www.rackspace.com
About Rackspace
Named a Top Performer for Hosted Private Cloud by Forrester Research Inc. in “The Forrester Wave™: Q1 2013
A Leader in the Magic Quadrant for Cloud-Enabled Managed Hosting, 2014 North America & Europe
Founder
OpenStack®
Open source software for building private and public clouds
THANK YOU
RACKSPACE® | 1 FANATICAL PLACE, CITY OF WINDCREST | SAN ANTONIO, TX 78218
US SALES: 1-800-961-2888 | US SUPPORT: 1-800-961-4454 | WWW.RACKSPACE.COM
© RACKSPACE LTD. | RACKSPACE® AND FANATICAL SUPPORT® ARE SERVICE MARKS OF RACKSPACE US, INC. REGISTERED IN THE UNITED STATES AND OTHER COUNTRIES. | WWW.RACKSPACE.COM
Copyright 2014