shadow it risk and reward
TRANSCRIPT
Embrace Shadow IT
September 2014
Chris Haddad@cobiacomm
http://blog.cobia.net/cobiacomm
Embrace Shadow IT
• Why Teams Lean Towards Shadow Activity• Trends Impacting IT Budget and Centralized
Enterprise IT Authority • The Enterprise IT Delivery Gap• Building a Common Team Mindset
Who is Shadow IT?
Image Source: : http://www.apriso.com/blog/wp-content/uploads/2012/08/Shadow_IT_continued.jpg/
Who is Shadow IT? YOU - Just Follow Human Nature
FREEDOM
OWNERSHIPEGO
Image Source: http://upload.wikimedia.org/wikipedia/commons/thumb/8/85/Aromatase_3EQM.png/1280px-Aromatase_3EQM.png
FREEDOM
Shadow IT Teams value the freedom to • Create• Innovate• Set Development Pace and Scope• Choose Cost Structure
OWNERSHIP
Manage and operate at your own pace under your own control. Shadow IT teams value:
• Fast, iterative schedules• Low Cost Structure• Minimizing delivery hurdles
– Easy to build and spin up a business solution
EGO: I know what I know.
I am what I am.
What I know is good enough to deliver business value.
• Skills and Expertise• Best Practices• New
– Tools– Patterns– Processes
Source: http://rap.genius.com/Xeezy-x-man-lyrics#note-1312310
Shadow IT Team View
By operating independently, Shadow IT teams gain:
• Immediate access to needed resources• Rapid, creative experimentation without red tape
hurdles• An ability to tailor solution towards specific business
requirements
Source: http://rap.genius.com/Xeezy-x-man-lyrics#note-1312310
Driving Shadow IT GrowthExternalize, Consumerize, Democratize (ECD) Trend
• Externalize – Capabilities sourced from outside your
enterprise– Restrict to non-core business functions
• Consumerize– Bring Your Own (BYO*) trend– Employees and partners expect a usable and
rich user experience• Democratize
– Everyone can perform task or acquire capability
– Adoption hurdles removed
Driving Shadow IT GrowthExternalize, Consumerize, and Democratize (ECD) Trend
• Externalize (Cloud services)– Infrastructure: Amazon AWS– Dev Platform: WSO2 Cloud– Software: SalesForce.com
• Consumerize (BYO*)– Smartphones: iPhone– File Sharing: DropBox, Flickr– Contact Lists: LinkedIn
• Democratize (Lower cost/expertise)– Point and click development– Virtualization, containers
Are you delivering what business teams want?
80% of executives today can name a critical piece of information they need but that IT is unable to provide• Source: http://www.informationweek.com/it-leadership/gartner-2013-tech-spending-to-hit-$37-trillion/d/d-id/1106985
80% of the respondents said they used SaaS applications that had not been approved by IT• Source: http://www.computerworld.com/article/2598551/malware-vulnerabilities/shadow-cloud-services-pose-a-growing-
risk-to-enterprises.html
Can you meet business team delivery date?
Shadow Solutionsare within reach!
Common Operating Principle:Beg for Forgiveness,
Don’t Ask For Permission
Source: http://upload.wikimedia.org/wikipedia/commons/thumb/2/26/Gingerbread_Cookies_1.jpg/1076px-Gingerbread_Cookies_1.jpg
14
35% of enterprise IT expenditures will happen outside of the corporate IT budget in 2015.
37% of respondents say the rate of outside spending is on the rise, up from 22% last year. 21% of CIOs retain full spending authority
Shadow IT Teams are Well-Funded(and autonomous)
Shadow IT Team Reality
• Shadow IT project funding is outside Enterprise IT oversight.
• Shadow IT infrastructure selection is outside Enterprise IT
oversight.
• Shadow IT team resource pool has limited interaction and
collaboration with Enterprise IT.
• Cloud services (IaaS, PaaS, SaaS) provide compelling and
useful solutions for Shadow IT with few adoption barriers
The Enterprise IT – Shadow IT battle
16
Dev Teams
Biz Users
IT
I have a solution, but can’t deploy
I need a quick solution for problem ‘x’
Not compliant with the policies
I can fund and provide hosting.
?..#@$%
CFOCIO
♬♪
1
2
3
4
Shadow IT Dangers
• Security holes• Non-compliance with corporate policies • Poor Quality of Service (QoS)• Hidden costs (management, monitoring, security, agility)
Enterprise IT Exists To Protect Against IT Danger
• Deliver exceptional quality of service at scale
• Enforce corporate security policies• Control cost• Reduce IT management burden• Apply team resource pool, skills,
infrastructure, and tools across multiple IT projects
Enterprise IT Challenges when working with Shadow IT teams
• Architecture• Development Lifecycle Processes• Governance• Tooling
Enterprise IT Goals
• Embrace Shadow IT by making the right thing to do the easy thing to do for Shadow IT.
• Find common ground between Shadow IT goals and Enterprise IT goals
• Bridge the divide between Enterprise IT compliance and Shadow IT experimentation
Enterprise IT Mandate
• Address barriers preventing Shadow IT
from adopting Enterprise IT standards
• Extend Enterprise IT solution reach across
heterogeneous Shadow IT teams
• Merge Enterprise IT policy with Shadow IT
development and run-time environments
Enterprise IT Roadmap
1. Building easy to adopt Enterprise APIs [e.g. master data, business processes, identity]
2. Extend your identity management model to embrace Shadow IT development agencies and Software as a Service identity repositories
3. Add software development lifecycle processes, governance, and security models that are Shadow IT friendly
4. Offer a DevOps PaaS enabling Shadow IT development.
5. Offer approved Software as a Service, APIs, and applications via an Enterprise App Store
Building Block Evaluation Criteria
• Provides On-demand Development Team Self-service• Fosters Team Collaboration• Adapts to multiple Governance Models• Conforms with Flexible Cost Models and Fiscal
controls• Presents Project Visibility, Policy Compliance
Dashboards, and Audit Trails• Establishes Enterprise Management and Monitoring
across heterogeneous environments and infrastructure
• Federates Identity and Access Control across multiple identity, attribute, and policy information points (PIP)
• Promotes Re-use
Embrace Shadow IT
• Understanding the Shadow IT mindset• Bridge the divide• Accelerate solution development• Empower every team to build in an enterprise-
safe manner.