Employees keep turning to rogue cloud services, storing and sharing highly sensitive information in the public cloud despite IT's warnings about the dangers, and despite story after story that validates those warnings.
The rise of the rogue cloud isn't always an innocent mistake by happy-go-lucky but otherwise responsible users. Nearly one-fourth of the respondents (23%) in the IDC Innovation Imperative research commissioned by CA Technologies said innovation projects were frequently pursued stealthily, where IT was consciously and deliberately shut out of the projects.
Despite obvious dangers, we should view the rogue cloud as a positive thing and use it to IT's advantage. It's an opportunity for us to learn what's really important to the business. People are using the rogue cloud because it solves real problems that IT hasn't addressed. We should embrace that, and not seek to control or stop it. In the long run, I see rogue projects as a natural evolution in the iterative life cycle of corporate IT.
Here's why. Business units want to focus on business goals sales, accounting, marketing, manufacturing and not waste their time on managing technology, even when it's easy to do, such as with SaaS. Right now the rogue cloud is the shiny new thing. My sense is that it won't be long before users discover that managing the sprawl of SaaS apps and other cloud services detract from their core competencies. Guess who they'll call to take over these efforts? Hint: It won't be Ghostbusters.
That's not to say we can or should ignore the security threat of the rogue cloud. There is real short-term danger, and IT should be paying attention. But there's nothing new to these sorts of risks. We've seen these problems before, with the emergence of the PC and, later, with webmail, instant messaging, smartphones, tablets, and consumer driven IT. The average Joe has access to powerful, globally connected personal technology. They use it just as they would a pen or notepad that they brought from home.
When it comes to the business innovations made possible by rogue cloud computing, however, the risks are growing. To manage this, IT has to A) recognize the expansion of the rogue cloud, B) innovate approaches that help the business manage the risk, while C) recognizing the benefits users are getting from it, and D) find ways to securely deliver those benefits to the organization at large. In doing so, the rogue cloud becomes an inspiration, a skunk works, instead of a threat.
Let's say a U.S. developer needs to send a zip file that contains a folder tree of source code to a colleague in India. Many email systems filter or bounce messages with zip attachments, because zips can be a malware vector. What does the U.S. developer do?
Sign up for CIO Asia eNewsletters.