Employee teams are increasingly using cloud services on their own to improve their effectiveness and efficiency. Cloud services are easy to use, have a fast time to value, and use a pay-per-use (OpEx) pricing model. In most cases, these employee teams do not feel the need to ask for IT’s permission to deploy them. The result is that management has no visibility or control over these “Shadow” IT services. This introduces security, compliance, and legal risks. Therefore a service is needed to discover, analyze, and control Shadow IT.

The number and variety of cloud services available to enterprises is growing at a staggering rate, and the adoption of cloud services by these enterprises is growing just as rapidly. Gartner says that 72% of enterprises use Software as a Service (SaaS) today. Forrester estimates that the entire cloud services market, which includes SaaS, Business Process as a Service (BPaaS), Platform as a Service (Paas), and Infrastructure as a Service (Iaaas) market was $58.6B in 2013 and will grow at a compound annual growth rate of 15.4% to $159.3B by the year 2020.

What’s more startling is how much spending on cloud services occurs outside of IT. Gartner predicts that a full 35% of IT spending will take place outside of IT by 2015. By the end of the decade, Gartner says that figure will hit 90%. This segment of cloud services purchased outside of IT is often referred to as “Shadow IT”.

Enterprise employees use cloud services for a variety of reasons. They provide business agility and ease of use, offer rapid scalability and faster time-to-value, and enable a shift from capital expenditure to operating expenditure. However, use of these services often comes with significant security, legal, and business risks, especially when they are procured and managed without IT’s involvement.

In order to reduce the risks associated and control the costs of cloud-based products, Cymbel recommends implementing a service that can identify all cloud-based services being used by the enterprise and then control the ones management approves. The discovery process ought be a simple matter of collecting and analyzing egress logs. Regarding control, rather than try to force fit into an existing proxy or firewall, use a dedicated reverse-proxy specifically designed for this function. It will be easier to deploy and manage, and could actually save money by exposing unused and underutilized licenses.

If you have a question or a comment, or would like more information, please let us know by completing the Contact Us box on the upper right side of this page.