It's hard to believe, but just 10 years ago open source was considered "communist," an anti-American cancer and the terror of corporate legal departments everywhere. Now, as a recent Harvard Business Review article reports, it's business as usual. Mundane, even. Developers are to blame. Getting projects done proved far easier with open-source software than protracted licensing negotiations for proprietary software.
Now this same human desire to evade bureaucracy and foster productivity is driving broad adoption of cloud services, and this time it's not just developers driving adoption. Lines of business executives are also encouraging Shadow IT to skirt enterprise policies. The catch is that it is also introducing all sorts of security and management quandaries. Skyhigh Networks, a new startup launching today and funded by Greylock, aims to give CIOs insight and some control over these cloud services without becoming a bottleneck on productivity.
Data Security And Shadow IT
Today, services like Dropbox, for storage, and Remember The Milk, for task tracking, are used by employees in most Global 2000 enterprises, but rarely with the approval, or even knowledge, of corporate IT departments. Indeed, the use of cloud-based services is by now so widespread that corporate IT really has little insight into the pervasiveness of these cloud services within their organizations, as cloud pundit Ben Kepes has blogged.
Cloud services help achieve a goal which companies strive for, efficiency. However, cloud services can also be problematic, as they bypass the corporate infrastructure. No big deal, right? Wrong. For example, services may have user agreements that, clicked through quickly by impatient users, transfer IP-ownership over any data stored through their services. Cloud services may also store data in a way that allows information to be hacked by dangerous third parties.
Like the enterprise IT reaction against open-source software 10 years ago, there is a reflexive urge to just say no to cloud services and try to shut down all but a short list of approved ones. Good luck with that. It’s too late to try and cap cloud service adoption. A better approach is to get visibility into all the services running today, put in policies for their safe use, and let employees choose the services that work best for them. Just as happened with open source. Once IT got open-source software blessed by the legal department, with the risks understood and managed safely, there was no looking back. It’s everywhere now.
Giving The CIO (Some) Cloud Control
Enter Skyhigh Networks. Skyhigh lets IT say "yes" by giving an enterprise visibility into all the cloud services employees are already using (usually 10X what IT has already formally approved), and providing tools to manage any risks and enable adoption.
Skyhigh offers a cloud-based service that is frictionless to central IT and user experience. Give it 30 minutes and it will cleverly discover all third-party cloud services employees have running (e.g., Dropbox, Box, MindtheMilk, Salesforce.com, etc.), and show you a list of the most dangerous. Skyhigh already has risk profiles on more than 2,000 of the most popular enterprise services using risk metrics from the Cloud Security Alliance, which rates 50+ parameters for both security and legal risk. When IT sees everything running, it can put in place governance policies for employees to safely use all but the most dangerous cloud services. Instead of the CI"no" you have the CIO as guide, enabler, trusted adviser.
Want a free pass to try Skyhigh? Here you go.
Going forward the service will also analyze use of these services for anomalies, powered by a Hadoop cluster engine. If a service or user behaves outside their norm, Skyhigh can alert IT. Finally, Skyhigh can also meter usage to compare to one's subscription agreements. One Skyhigh customer found that it was using 5,000 fewer Salesforce.com seats than it had purchased. That quickly translated into money in the customer's bank.
Skyhigh is currently being piloted by a handful of Fortune 20 companies, half-a-dozen Fortune 100 companies and another dozen 'normal' size companies like Netflix and Lucile Packard Children's Hospital. In each case, CIOs thought they had 25 to 70 cloud services running. An educated guess, but wrong. The fewest they found was 200+ and in two instances 2,000+, one of which includes a company known for its buttoned-down approach to security.
There's no going back on cloud computing. Like open source, it's here to stay. But also like open source, the best way for enterprise IT to confront the cloud is to understand and enable its sensible use. Skyhigh may offer a serious step toward that goal.
Image courtesy of Shutterstock.