Shadow IT usage increasing while visibility drops

Shadow IT usage increasing while visibility drops

Raj Samani is Vice President and Chief Technology Officer of Intel Security for Europe, Middle East, Africa.

In September 2016 Intel Security surveyed over 2,000 professionals for its annual cloud security research study. This includes approximately 100+ cloud end user executives from Saudi Arabia and UAE. Excerpts of the trends around Shadow IT, Containers, DevSecOps.


 

Visibility of Shadow IT services has dropped this year.

Visibility of Shadow IT drops from 50% last year to 47% this year

An IT organisation that is slow to deploy solutions can inadvertently encourage other departments to commission their own services. It can also lead to a disjointed security environment, creating more work for the security team. Whatever is driving Shadow IT, whether it is the mainstream acceptance of public cloud services or slowed adoption by IT due the shortage of security skills, almost 40% of cloud services in use in an organisation today are commissioned without the involvement of the IT department.

This is not necessarily a bad thing, if IT and security operations have sufficient visibility to keep the applications, data, and the organisation safe and secure. Unfortunately, visibility of these Shadow IT services has dropped from about 50% last year to just under 47% this year. This is not a very large drop, but it does affect the security posture of the organisation. More than 65% of IT professionals think this lack of visibility is impairing their ability to keep the cloud safe and secure, up from 58% last year.


 

Next-generation firewalls have replaced database activity monitoring as the most likely method being used this year, increasing from 41% to 49%.

Only 1% organisations not monitoring Shadow IT usage

There are significant changes in the actions which IT is taking to monitor and manage the use of Shadow IT services. IT departments appear to be moving towards more active methods of monitoring and employing technology in an effort to gain better visibility. Next-generation firewalls have replaced database activity monitoring as the most likely method being used this year, increasing from 41% to 49%.

Utilisation of web gateways increased from 37% to 41%, and use of cloud access security brokers increased slightly from 32% to 33%. At the same time, more passive methods of detecting Shadow IT activity, such as working with finance, checking license usages, or word or mouth, dropped significantly. Overall, only 1% of organisations are not monitoring Shadow IT usage, down from 5% last year.


 

Blocking access to unauthorised services is the top choice, but only 27% of organisations are taking this action.

27% respondents blocking Shadow IT

IT departments are taking a variety of steps to secure shadow services in use. Blocking access to unauthorised services is the top choice, but only 27% of organisations are taking this action. Most appear to be striving to support the department’s choice of service with measures such as identity and access management, DLP and encryption, or working with the users to find an acceptable solution. Interesting to note, while 22% have experienced a data breach with their cloud services, only 24% are using DLP and encryption to protect the data, with almost no correlation between the two.


 

The shift to software defined datacenters is slowest at largest organisations, with 10% of those stating no plans to fully transform, and 29% expecting it to take up to five years.

 

Only 4% respondents have full software-defined datacentre.

Only 4% respondents have full software-defined datacentre

In order to move to a hybrid private-public cloud architecture, the datacentre has to evolve to a highly-virtualised, cloud-based infrastructure. Very few organisations are there yet, with only 4% reporting a fully software-defined datacentre. However, the majority 73% expect to complete their transformation to software-defined datacentre within 24 months, while 20% expect it to be complete within 5 years. Only 7% indicate that they never plan to fully transform to software-defined datacentre.

The shift is happening slowest at the largest organisations, with 10% of those stating no plans to fully transform, and 29% expecting it to take up to five years. Government 19% and utilities 14% are the leaders of the – No, never group, and government 33%, education 31%, and services 33% leaders of the – within 5 years, group. These responses are all arguably due to concerns about the scarcity of skilled IT staff to implement and maintain their private cloud.

The telecommunications industry ranked the scarcity of IT staff skills similarly high, yet they are leading the transformation to software-defined datacentre. Currently an average of 52% of an organisation’s datacentre servers are now virtualised.


Unauthorised access top concern for private clouds

Private cloud users listed unauthorised access to sensitive data as their top concern, with concern about staff security skills a very close second. The time and effort involved in implementation and maintenance also made the list. The majority of the concerns are related to security operations, including maintaining compliance, identity and access management, dealing with advanced threats, insufficient visibility, and consistent controls. New virtualisation technologies, such as containers, are putting additional pressure on the IT departments’ resources and skill sets.


 

More than 80% stated that they are now using containers.

Transformation to cloud driving adoption of containers

This transformation to cloud services is transforming other aspects of the organisation as well. Containers, the younger and smaller siblings of virtual machines and the next step in granular resource allocation, are growing very quickly. More than 80% stated that they are now using containers, 36% using them just inside IT, 18% just outside IT, and 29% both inside and outside of the IT department. Containers tend to be used in higher quantities per host than virtual machines, but last for a small fraction of the time, making them more challenging to protect.


 

Only 6% of IT professionals stated they have no plans to introduce a DevSecOps function.

DevSecOps improving efficiency of security teams

DevSecOps is a growing organisational option intended to help distribute security throughout the organisation. DevSecOps functions are now found in 44% of organisations using cloud services, with 49% planning to introduce this function in the future. Only 6% of the IT professionals surveyed stated that they have no plans to introduce a DevSecOps function.

A global cloud survey of 1,000+ organisations in late 2016 reveals a faster pace of Shadow IT adoption with reduced visibility for IT, Excerpted from Building Trust in a Cloudy Sky, The state of cloud adoption and security by Intel Security.

Browse our latest issue

Intelligent Tech Channels

View Magazine Archive