Find what’s there
Discover what shadow cloud services are being used in the organization, then categorize them according to risk: Those that should be banned or restricted, those that are often used by the organization and can continue if they pose no risk, and those that are sanctioned.
Build an atmosphere of trust in which both business and IT embrace change, where business asks for advice and IT is the advisor and orchestrator. Business strategy should be aligned to a cloud adoption strategy, one that isn’t based on saving money alone. IT should work with departments to understand functional requirements, business processes and architectures that make sense.
Both side needs to understand that all IT solutions need to meet legal, contractual, regulatory and sector-based standards. Intelligent vendor management practices may help mitigate risk. Also, when choosing solutions for sensitive data, it’s very important to find providers that commit to service level agreements
Lock it down
Business also has to understand IT has the knowledge to deal with data lifecycle management issues that cloud providers may skip over, as well as security issues such as access, encryption and key management, incident response continuity and data recovery.
Keep an eye on it
You can’t let staff adopt cloud solutions and forget about them. Cloud service providers have to be managed and monitored. Consider monitoring capabilities and incident escalation processes that will give the organization real time insight into business case gaps or conflicts, security issues and other service metrics.
To avoid shadow cloud being isolated, develop an IT architectural vision that allows efficient access management and service interoperability to enable an integrated cloud. Service orchestration may help improve realizethe benefits by enabling a more integrated set of IT processes across a varied set of cloud solutions.
Cloud computing offers advantages to enterprises, but only when done through a well-defined IT strategy. When done by individuals or lines of business – the so-called Shadow IT – unmonitored IT activity could post a significant risk. Yet sometimes the cloud moves faster than IT to meet business needs In a recent report PricewaterhouseCooper outlines how to prudently say yes to the cloud. Images from Shutterstock.com