Dive Brief:
-
A new study from Cisco found that most CIOs underestimate the number of unauthorized apps and services on their networks.
-
The typical firm has 15 to 22 times more cloud applications running in the workplace than the number the IT department has authorized, Cisco estimated.
-
On average, CIOs in the survey estimated there were 51 cloud services running within their organization, but the actual number is about 730, according to Cisco's analysis. The majority of the unauthorized cloud applications identified by that Cisco were either Software-as-a-Service or Infrastructure-as-a-Service.
Dive Insight:
Unauthorized apps and services, also called “Shadow IT,” can create security threats, according to Bob Dimicco, global leader and founder of Cisco's Cloud Consumption Service practice.
"If they can't see these cloud services being consumed, they can't see the risk that's being incurred," he said. "[If] you can't see it, you really can't manage it."
To help reduce such security risks, ensure an organization is not duplicating services, and still provide end users the applications and services that they need to do their jobs, Dimicco suggests CIOs consider setting up new governance structures to help bridge the gap between lines of business and the tech department. CIOs can set up a catalog of approved cloud services, for example, that users can select from.
"It starts with discovering and identifying what's being used," Dimicco said, "and then taking that data and applying it to an informed cloud strategy so the IT organization can be a broker."