Most CIOs have an inkling that employees in their enterprise have snuck a few applications past the IT department, but a new study by Cisco indicates that they are vastly underestimating the extent that unauthorized apps and services have infiltrated the network.
Consulting with CIOs and analyzing network traffic in a set of large enterprises in a variety of industries, Cisco determined that the typical firm has on the order of 15 to 22 times more cloud applications running in the workplace than have been authorized by the IT department.
That level of pervasive shadow IT can create new security threats and introduce considerable waste into the enterprise, as employees in different business lines purchase duplicative services for common processes like storage and collaboration.
"If they can't see these cloud services being consumed, they can't see the risk that's being incurred," says Bob Dimicco, global leader and founder of Cisco's Cloud Consumption Service practice. "[If] you can't see it, you really can't manage it."
And by Cisco's tally, there is quite a bit that CIOs aren't seeing. On average, CIOs surveyed estimated that there were 51 cloud services running within their organization. According to Cisco's analysis, the actual number is 730.
The lion's share of the unauthorized cloud applications that Cisco identified fall into the categories of Software-as-a-Service or Infrastructure-as-a-Service, with platform-level applications a distant third.
And it cuts across sectors. Even in highly regulated industries such as healthcare and financial services, Cisco found between 17 and 20 times more cloud applications running than the IT department estimated.
"The shock to the CIO was the magnitude and the pervasiveness," Dimicco says. "What was news here was, wow, this is happening in every industry, and in every industry the magnitude was much larger than what people expected."
Factors contributing to the rise of shadow IT
Cisco points to a confluence of factors that have led to the rise of shadow IT, which Dimicco boils down to two overarching trends -- "hyper-connectivity" and what he calls "hyper-distributed clouds," where data can reside across an interconnected set of public and private deployments.
"These are creating some unique problems for the CIO," Dimicco says. "[T]he CIO looks at this landscape -- it's very different than what it was a couple years ago."
Indeed, Cisco has documented a 21 percent increase in the volume of applications in use in the large enterprises it tracks just from the second half of 2014 to the first half of this year.
How CIOs can deal with shadow IT
So how is the CIO to respond to the surge in shadow IT? Dimicco outlines two broad options, and sees a clear choice.
Sign up for CIO Asia eNewsletters.