February 19, 2018

Bring Shadow IT into the Light

Shadow IT describes the use of hardware or software that is not supported by the organization’s IT team. Often the term refers to cloud-based applications, but it can also include open source software hosted on machines that either belong to an individual or have been repurposed from some other use in a department. The term sounds like the bogeyman is waiting right around the corner to get you. It’s almost that bad.

Why Do Development Organizations Use Shadow IT?

Shadow IT, in any organization, is often the result of IT saying no to the use of particular, sometimes very desirable, applications. IT usually says no for valid security or compliance reasons.

In a software development organization, suppose it takes a day or two for an IT staffer to respond to a ticket from a development team asking for an environment to be set up, and then a week or two for the work to be done. The resulting frustration causes engineers to go outside for solutions.

The magic of cloud SaaS applications is that there is usually no waiting for IT work requests. Instead, new services are spun up by clicking through a few choices in a web browser. So, new projects can be started quickly, and employees can get things done faster. But from a corporate governance perspective, it means that an individual department or business unit is making some very real decisions related to IT, without IT being involved.

Code Hosting is Shadow IT?

In a quest to satisfy their unmet demands, developers sign up for free code hosting platforms or install open source Git. This causes enterprise IT to lose control over application security and compliance, providing a gateway for company data to leak out into the world. Shadow IT, especially when using unbudgeted cloud-based SaaS applications, can make it impossible for IT organizations to understand what employees are doing. This creates a vicious cycle where employees feel like they must keep using Shadow IT, and IT continues to offer only its existing services because it can’t see the emerging needs.

An approved code hosting solution deployed on an enterprise VMware cluster (as one example) or in your own hybrid cloud is an effective strategy for mitigating the risk of Shadow IT infiltrating your business.

Shine a Light on Shadow IT

Reining in this kind of activity isn’t easy. First, IT needs to recognize these needs. This is hard if IT doesn’t know any of this is happening. Communication needs to be resumed. Trust needs to be established. This kind of communication and trust comes with the DevOps culture. But it still remains rare for an organization today to fully embrace and live in such a culture, so this is an important topic to consider as you begin or continue your journey.

Besides the cultural changes, IT and senior leadership need to equip their development teams with a comprehensive platform that satisfies developer needs and expectations. Here are the basic requirements of a development platform that, when employed, will combat shadow IT.

  • Instant deployment of new projects and container images in an environment for test and dev and/or continuous integration (CI) and continuous delivery (CD).
  • A clear data management framework, with a single source of truth for all key data, that includes extensive logs and audit trails.
  • A strong integration platform, where developers can connect to the services they need in a managed way, enabling innovation and tool choice.
  • An identity and access management solution that lets users access all the services they need while maintaining strict security across all digital assets.
  • Disaster recovery and business continuity.
  • Policy enforcement and access control.

DevOps or not, IT and software development organizations have a shared goal: to deliver value to customers more quickly. By building this strong foundation, IT can achieve the best of both worlds: managing stable IT systems while giving the team access to everything they need to build their own, IT-approved "Non-Shadow IT".

Join our next live demo to learn how Helix TeamHub, our enterprise-class code hosting and collaboration tool, mitigates the threats of shadow IT while simultaneously solving Git sprawl.