How To Work With Shadow IT and Keep DevOps Happy
Most commonly referred to as IT (Information Technology) behind IT’s back, Shadow IT is common. Many of us use Shadow IT without knowing or understanding the risks. For instance, if you have sent files to friends, colleagues, or customers using Dropbox, Sharefile, etc., and don’t have an enterprise-provided account for them, you’ve used Shadow IT. If you ever used personal public cloud accounts to test your applications, you would be considered a Shadow IT practitioner.
Convenience and productivity are often the drivers for adopting Shadow IT. Employees deploy solutions that their IT departments do not approve. Often the reasoning is that using the traditional route for approvals is too complicated or time-consuming.
The Upside of Shadow IT Revealed highlights some interesting points:
- 21% of organizations don’t have any policies surrounding the use of new technology
- 77% of IT pros agree that Shadow IT will become a bigger issue at their company by 2025
- 40% of IT pros admit to using unapproved tech themselves despite the risks
When development teams choose unsupported cloud infrastructure without IT involvement, the network team loses visibility and security. Also, cost control for the application service levels goes unaccounted for once the developed application goes live.
The objective of gaining visibility and control over Shadow IT is not to block agile development and use of innovative services but to have a controlled environment, which gives the organization the best of both DevOps and IT – that is, to keep a secure and controlled environment while enabling agility.
The new paradigm of DevOps as the center of the application universe requires infrastructure to secure and scale applications across multiple environments in a way that does not require developers to deal with security and networking complexity nor have to wait weeks for provisioning. The needs for the infrastructure touches many constituencies (an IT administrator, an application developer, DevOps, tenants, and the person responsible for the costs).
However, with all the risks, Shadow IT is here to stay due to the benefits it brings to the organization in productivity, innovation, and deployment time. So, IT needs to enable the enterprise to adopt the best aspects of Shadow IT while reducing the downside and risks.
[You may also like: 4 Reasons Why Application Delivery is Critical to DevOps]
What IT Departments Can Do to Address Security Concerns
IT needs to provide visibility and control of shadow IT applications to address cost, security, availability, and disaster recovery concerns for the enterprise. Gaining visibility and control requires addressing the key needs of those adopting Shadow IT. Vetting, enabling, and adopting new, easy-to-deploy off-the-shelf applications and services along with investments in self-service, orchestration, and automation all address one of the core reasons for adopting Shadow IT – complicated and time-consuming provisioning.
The preferred solution for DevOps and NetOps to secure applications across all supported environments must address the following:
- Seamlessly integrate with DevOps automation tools of choice such as Ansible
- Simplify administration and remove requirements for networking and security expertise
- Execute complex and tedious tasks with personalized automation and self-service wizards
- Allow centralized management to enable quick and easy deployment & configuration self-service across multiple cloud and on-premise environments
- Provide insightful and actionable reports for NetOps, DevOps, and SecOps to stay on top of the end-to-end application availability and security status
- Allow automated licensing to allow ease of deployment in any environment, for any app security service capacity, with seamless scale up or down.
[You may also like: Agile, DevOps and Load Balancers: Evolution of Network Operations]
For enterprises with Shadow IT, there are several ways to address security and disaster recovery concerns. One way is to ensure security and scalability are a part of IT’s self-service, orchestration, and automation systems; do not require additional effort from those driving adoptions of Shadow IT applications and services.
Download The State of Web Application and API Protection to learn more.
*** This is a Security Bloggers Network syndicated blog from Radware Blog authored by Prakash Sinha. Read the original post at: https://blog.radware.com/application-security-4/2021/04/how-to-work-with-shadow-it-and-keep-devops-happy/