NEW! Mirantis Academy -   Learn confidently with expert guidance and On-demand content.   Learn More


How to support shadow IT without risk

shadow IT

Let’s face it, every enterprise has shadow IT. Even before the pandemic, Gartner found that shadow IT accounted for 30-40% of IT spending in large enterprises, and many believe it’s increased in the last few years, with remote workers onboarding technology on their own. While CIOs traditionally have tried to shut down shadow IT, nowadays many IT leaders are embracing it as an opportunity to collaborate with business units and better serve their unique needs. 

Of particular concern is shadow IT for cloud infrastructure. When developers can’t get the resources they need fast enough, many pull out a credit card and turn to AWS, Microsoft Azure or Google Cloud Platform. Public cloud providers account for a bulk of the shadow IT costs at many organizations. So how can CIOs support shadow IT for cloud infrastructure without all the risk?

Why should CIOs support shadow IT?

Let’s review why CIOs should support shadow IT in the first place. Behind shadow IT are real business needs often overlooked by IT due to lack of awareness or understanding. Many business units that strategically invest in shadow IT are on the forefront of innovation and can provide valuable insights into how IT services, resources, and processes need to evolve. Rather than discourage shadow IT as breaches of corporate policies and procedures, CIOs can embrace it as an opportunity to listen to business units, partner with them, and respond more effectively to their needs. Understanding shadow IT can be a valuable way to strategically align your IT roadmap with business units and proactively support grassroots innovation.

What are the risks of shadow IT?

There are undoubtedly many hazards of shadow IT. These risks are why CIOs have traditionally instituted company-wide bans. The top risks of shadow IT include:

  • Security compliance risks - Business units typically lack the expertise to adequately check solutions for vulnerabilities or safely implement them according to applicable corporate policies and government regulations, including data privacy laws for sensitive customer data. 

  • Uncontrolled costs - This is especially relevant to public cloud services, which can quickly run over budget without proper tooling, controls, and contract negotiation expertise in place. Business units deploying greenfield applications often miss out on discounts from public cloud providers, because they can’t accurately predict usage requirements and won’t commit to any specific usage level.

  • Redundancy - Business units often operate in silos and procure solutions and services that duplicate existing resources, leading to unnecessary waste.

  • Lack of integration - Real-time data collected and analyzed by individual business units can be extremely valuable to the larger organization, but failure to integrate with centralized systems prevents wider usage.

  • Underestimated maintenance requirements - Chasing after immediate objectives often leads business units to overlook the long-term maintenance needs of the solutions and services they adopt. Business users also have limited expertise and perspective on technology lifecycle requirements. For public clouds, this includes tasks such as OS lifecycle management and managing dev/test instances.

When dealing specifically with public clouds, another risk is the prospect of costly downtime, especially as more providers face DDoS and cyberattacks. When outages do occur, most public cloud providers have limited SLAs that don’t incur financial penalties when commitments are breached.

How can CIOs support shadow IT without risk?

Supporting shadow IT without risk means putting the right people, processes, and platforms in place to respond quickly to changing business needs. The first step of course is listening to business units to understand what their requirements are, including the needs that drove them to seek shadow IT in the first place. 

In terms of cloud infrastructure, this means asking questions such as;

  • Are you looking for a VM, a container orchestrator, a Swarm cluster, a Kubernetes cluster, a web server, a web cluster, and/or something else to experiment on safely? 

  • What are your storage and connectivity requirements? How exposed to the public internet do you need it to be?

  • Does the software you want to use comply with corporate standards -- that is, can we supply you with that software in a safe, convenient way, such as through Helm charts, DBaaS, or other solutions?

  • Can any of our approved tools save you time and make your experiment run more smoothly?

After you have a strong grasp of the business needs, then establish an agile IT framework that incorporates the following key components:

  • Self-service - Wherever your IT organization provides cloud infrastructure, it is essential to provide developers with convenient self-service provisioning capabilities comparable to those of AWS, Azure and GCP.

  • Flexible architecture - Enterprise architecture should be built for agility, capable of adapting IT assets and business processes to fast-moving requirements. A core tenet of this is avoiding vendor lock-in everywhere possible, so you always stay in control of your technology roadmap. 

  • Automation - Sustaining a flexible, continuously evolving, multi-cloud tech estate underscores the need for intelligent automations that can vigilantly enforce security and standards, reduce the toil of operating heterogeneous technologies, and contribute to greater user satisfaction. 

  • Open APIs - Exposing data and functionality through open APIs will make systems more efficient to operate and easier to integrate with additional technologies and workflows.

  • Culture of innovation - Developers may get the spotlight, but they are not the only innovators. IT organizations need to cultivate a culture of proactive innovation so they can respond quickly to changing business needs and enable business units to capitalize on new opportunities.

  • Real-time monitoring tools - Automated monitoring and alerting systems are essential to tracking the health, performance, and costs of disparate systems.

Achieve true IT agility with ZeroOps

Practically speaking, how can CIOs support shadow IT and effectively run a highly responsive IT organization incorporating all the components listed above? A great solution is ZeroOps.

With ZeroOps, you can have cloud native experts at your fingertips who will create and operate the clouds your business needs to succeed. They will streamline multi-cloud operations with smart automation and continuously evolve your clouds for your latest requirements. You won’t have to worry about skill shortages or mastering the latest cloud technologies targeted by shadow IT — your ZeroOps team will take care of it for you. 

MIrantis ZeroOps can provide your organization with production-ready clouds on any infrastructure in as little as two weeks, with guaranteed performance and up to 99.99% uptime. Mirantis ZeroOps also costs up to 86% less than hiring and retaining site reliability engineers, infrastructure operators, network engineers, and other experts in house. Your business users will enjoy much greater freedom to choose and adopt the technologies they want, and we can help ensure security compliance and industry best practices for faster ROI.

To find out how your company can achieve true cloud infrastructure agility without the headaches of complex heterogeneous operations, learn about ZeroOps cloud on-prem.

Choose your cloud native journey.

Whatever your role, we’re here to help with open source tools and world-class support.


Subscribe to our bi-weekly newsletter for exclusive interviews, expert commentary, and thought leadership on topics shaping the cloud native world.