Neutralizing Shadow IT with Public Cloud Self-Service Governance

This post originally appeared on the Gartner Blog Network.

With IT now at the core of business innovation, I hear organizations struggling with potentially opposing priorities. On one side, business users and developers want more agility and autonomy. On the other side, central IT must continue to enforce governance to minimize risks and improve efficiency at scale. Historically, organizations have prioritized a strictly controlled and centralized model, which was applicable because central IT was solely responsible for IT infrastructure and service delivery. However, since the advent of cloud computing, end users have found an alternative path to achieving their goals: going straight to cloud providers and bypassing central IT. Unfortunately, many of those shadow IT projects are not able to scale, and they expose the organization to uncontrolled risks.

Some organizations decided to address this well-known issue by reinforcing their measures to deny end user access to cloud services. Recently, a client told me how they’re blocking access on their firewall to all amazon.com IP addresses. Other organizations decided to apply their standard governance and operational processes to new cloud environments, often using the cloud just like another data center to simply provide compute, storage and network. Both of these solutions have proven to be unsuccessful, as shadow IT continues to proliferate. In fact, neither of these solutions enables end users to achieve the goals of becoming more autonomous and agile. Neither denying access nor applying too much intermediation is effective. Organizations that have been successful at neutralizing shadow IT have focused on enabling end users to achieve those goals while preserving the ability to enforce governance principles. To accomplish that, they have rethought their operational and governance models and become brokers of externally sourced IT services.

Cloud IaaS users also want more autonomy and agility. They want to procure the infrastructure required to support their projects, and they want to leverage the flexibility and scalability of public cloud providers as well as access to the plethora of value-added services they offer. To support that, it is imperative that organizations develop a cloud IaaS self-service enablement and governance strategy. The figure below depicts the five approaches for self-service enablement that I collated in the recently published research note “5 Approaches for Public Cloud Self-Service Enablement and Governance” (paywall).

Some of the approaches described in the research provide fully automated provisioning workflows; others focus on regulating access and auditing end user activity and workload configurations. The illustrated approaches can provide different degrees of agility, access to innovation, end user autonomy, standardization, policy and control, provisioning automation and complexity. Therefore, it is important for organizations to understand their differences and trade-offs. There is no one-size-fits-all approach, however, and technical professionals should master and implement all of them to address the different personas and use cases that live in the organization. The research also contains examples and code snippets on how to implement the described approaches on Amazon Web Services and Microsoft Azure.

To know more about this topic, you can:

Looking forward to hearing your comments!