The Proliferation of Shadow IT - and the Opportunity for Cloud and Security Service Providers
LONDON, March 12, 2014 /PRNewswire/ -- Reportbuyer.com just published a new market research report:
The Proliferation of Shadow IT - and the Opportunity for Cloud and Security Service Providers
In this SPIE, we take a look at the state of shadow IT in companies worldwide. We reveal some surprising results from the Stratecast survey of IT and Line of Business (LoB) employees. Finally, we offer tips to security, cloud, and managed services providers to help enterprises start addressing the risks associated with shadow IT in their own companies.
Introduction
Just a few years ago, the industry was all abuzz about employees who insisted on using their personal devices, such as iPhones and iPads, to access business applications. Within IT circles, the discussion quickly shifted from "how to stop it" (you can't) to "how to protect your business while giving employees the freedom to make choices." Today, companies report greater productivity and higher employee satisfaction from their Bring Your Own Device, or BYOD, policies.
Are we headed for a similar discussion based around employees' choice of the applications they utilize in business? Are we facing a BYOA (Bring Your Own Application) revolution, in which employees claim the right to choose the tools with which they get their work done, while IT scrambles to protect corporate assets?
The revolution is already here, according to the results of a recent Stratecast survey. Thanks to the ease of access to Software as a Service (SaaS) applications, even non-technical employees feel comfortable and entitled to choose their software—and they are doing so in droves. In many cases, IT departments and security officers are unaware of the extent of "shadow IT," and therefore unprepared to deal with it.
For SaaS providers, the proliferation of shadow IT brings a whole new set of target customers. Rather than dealing with IT gatekeepers, SaaS providers can market and sell directly to individual employees, departments, and business units. However, unfettered access to thousands of SaaS applications, without centralized, policy-based control, opens the company to significant risks.
In this SPIE, we take a look at the state of shadow IT in companies worldwide. We reveal some surprising results from the Stratecast survey of IT and Line of Business (LoB) employees. Finally, we offer tips to security, cloud, and managed services providers to help enterprises start addressing the risks associated with shadow IT in their own companies.
Defining "Shadow IT"
In this SPIE, Stratecast broadly defines "shadow IT" as SaaS applications used by employees for business, which have not been approved by the IT department or obtained according to IT policies. The non-approved applications may be adopted by individual employees or by an entire workgroup or department. The non-approved applications must be used for work tasks; in this study, we are not tracking employees' personal Internet usage on company time (e.g., checking sports scores or updating personal Facebook profiles).
The cloud—particularly the SaaS delivery model—and popularity of powerful mobile devices are responsible for the rise of shadow IT in business. In the SaaS model, the software vendor is responsible for hosting and maintaining the application, which users access via a network. For corporate IT departments, choosing SaaS over traditional licensed software offers a number of benefits. Since the application vendor hosts the software, the enterprise IT department can avoid capital investments in infrastructure. In addition, the vendor is responsible for operational tasks, including infrastructure maintenance, testing, provisioning, upgrades and refreshes, capacity planning, and performance management. Backup and recovery for data and infrastructure is also largely the responsibility of the vendor in a SaaS environment.
But the benefits of the SaaS model are not restricted to corporate IT. For users, SaaS is characterized by:
• Ease of access – Users can access SaaS apps via the Internet, using their Internet browser, from any Internet-accessible device. In most cases, little or no client-side software is required, which means that the SaaS solution leaves no "footprint" on company-owned devices.
• Ease of maintenance – SaaS apps are maintained by the provider. Users have no responsibility for patches or updates.
• Free or low cost – Many software providers offer a limited functionality or limited capacity version of their applications at no cost. Other SaaS applications are available at a low monthly fee, payable by credit card (no corporate purchase order required). SaaS subscriptions can often be terminated at any time, with no strings attached.
• Quick deployment – SaaS is available on demand, with a click of the "accept" button on the Terms and Conditions page. Users do not have to wait weeks or months for server provisioning and application deployment (assuming the request is approved).
Consumers have embraced SaaS; in fact, a whole generation of users has never loaded software onto a personal computer. It should come as no surprise that those same users carry their experiences and expectations into the workplace.
But, the decisions that users make in their personal lives generally affect only themselves. In a business setting, the decisions an employee makes can impact the entire corporation. This is why the stewards of corporate assets (who include not only IT, but also compliance, security, and general business executives), as well as their technology partners, need to understand, assess, and respond to the risks associated with shadow IT.
The Real Story Behind Shadow IT
There seems to be a general industry consensus that shadow IT exists, but little understanding of the details. How pervasive is it? Who are the perpetrators, and what are their motivations? Do users and their employers understand the risks; and, if they understand the risks, do they have the means to manage those risks?
To get to the facts, Stratecast conducted a survey of IT employees and Line of Business (LoB) employees who identified themselves as either "decision-makers" or "influencers" of software purchases in their companies. Some findings conformed to our expectations; many others surprised us. And all provide valuable insight for companies and those who sell to them.
Here are six findings that may change how the industry views Shadow IT:
1. Everyone does it.
More than percent of survey respondents admit to using non-approved SaaS applications in their jobs. Only percent of LoB employees and percent of IT employees do not use any non-approved SaaS applications.
Furthermore, non-approved applications represent a sizeable proportion of all SaaS apps used in a company. According to respondents, the average company utilizes around SaaS applications; of these, more than are non-approved. That means businesses can expect that upwards of percent of all SaaS apps are purchased and used without oversight.
The high penetration of non-approved apps argues that such usage is no longer in the shadows, but very open. Furthermore, the similar numbers of departmental and individual users suggests that, while a particular SaaS application may not have been approved by IT, it likely is being overtly or tacitly supported by the employee's own department. This indicates that corporate and departmental policies or practices may clash, with the department winning.
2. We have met the enemy, and he is us.
Another surprising is that IT users are even more likely than LoB users to adopt non-approved SaaS. Furthermore, IT employees use a higher number of non-approved SaaS applications than LoB. It appears that, in acting as the guardian of corporate technology, the IT department considers itself exempt. Stratecast suspects that this is a case of IT employees' overconfidence in their ability to assess risks, as well as their greater familiarity with a range of SaaS [...]
Table Of Contents
1 | THE PROLIFERATION OF SHADOW IT - AND THE OPPORTUNITY FOR CLOUD AND SECURITY SERVICE PROVIDERS
SPIE 2013 #40 - November 1/2013
1. Introduction
2. Defining "Shadow IT"
3. The Real Story Behind Shadow IT
4. Stratecast - The Last Word
5. About Stratecast
6. About Frost & Sullivan
Read the full report:
The Proliferation of Shadow IT - and the Opportunity for Cloud and Security Service Providers
http://www.reportbuyer.com/business_government/security/security_services/proliferation_shadow_opportunity_cloud_security_service_providers.html#utm_source=prnewswire&utm_medium=pr&utm_campaign=Security_Services
For more information:
Sarah Smith
Research Advisor at Reportbuyer.com
Email: [email protected]
Tel: +44 208 816 85 48
Website: www.reportbuyer.com
SOURCE ReportBuyer
WANT YOUR COMPANY'S NEWS FEATURED ON PRNEWSWIRE.COM?
Newsrooms &
Influencers
Digital Media
Outlets
Journalists
Opted In
Share this article