It turns out "shadow IT" is a bigger phenomenon than many of us believed, at least according to Cisco. The company has determined that on average, large enterprises are using 1,220 individual public cloud services—up to 25 times as many as IT departments it surveyed believed. Cisco is targeting the shadow IT epidemic with a new SaaS product called Cloud Consumption as a Service:
The primary function of the new service is to discover and continually monitor public cloud use across an organization. When combined with detailed analytics and benchmarking from Cisco, this insight helps businesses reduce security risks and better understand and manage costs. This helps IT teams to partner more effectively with business groups and make educated decisions about the right cloud services for the business.
Cisco's news release cites the example of one early user of the service, CityMD, which runs urgent care facilities in the greater New York City area. The organization determined that workers were using more than 500 cloud services, compared to the 15 or 20 being officially supported by IT.
The new service is being sold through Cisco partners, and is priced between $1 and $2 per month, dependent on how large a company is.
Out of the Shadows
Cisco came up with its statistics by polling CIOs and through software that tracks activity on networking and security devices it sold to customers, according to the Wall Street Journal. To some, its numbers on the extent shadow IT might seem a little high, and indeed, the WSJ quoted several skeptics. Still, given the very real risks involved with shadow IT—such as data leakage, wasteful spending and extra stress on IT infrastructure—the new service certainly has a reason to exist.
However, Cisco is not the first to come up with such an idea. Just one example is IBM, who launched a similar product called Cloud Security Enforcer last year.
"For Cisco, this is really a step to show customers what they are doing with Cisco router hardware and software, only that Cisco has now added the intelligence to resolve where traffic is going on the Internet," says Constellation Research VP and principal analyst Holger Mueller. "There are many applications of this. Not just the consumption of public web services, but the surfing of malignant sites, abuse of company resources and so on. It's good to see Cisco adding value to customers, but really the question has to be, why only now?"
Many attribute the rise of shadow IT to the simple fact that business users are just trying to do their jobs effectively, and aren't able to with the tools provided and governed by IT. And for years, observers have called for companies to embrace, not fight shadow IT, in the name of driving innovation.
One could view monitoring tools like Cisco's new service as a way for companies to target and stamp out shadow IT altogether. But it could also be used by IT to examine the nature of shadow IT in their organizations—what types of apps and services are being unofficially used, and by how many employees—and then help reshape the lineup of IT-supported offerings to better meet business users' needs.
Finally, the rise of such tools may add fuel to the long-running debate over the morality of employee monitoring. But Constellation Research VP and principal analyst Steve Wilson says there's no line being crossed here.
"As long as surveillance of employee use of corporate IT is targeted and proportional, then most accept it can and should happen," he says. "By proportionate, I mean the test is: Would you listen in on an employee phone call? No, but you might well track how long people spend on the phone, and how much the calls are costing. And then have ways of triggering more intrusive forensics and monitoring in the event someone is reasonably expected to be doing something wrong. Cloud is the same."
Reprints
Reprints can be purchased through Constellation Research, Inc. To request official reprints in PDF format, please contact Sales.