In the move towards a hybrid enterprise IT environment, where users can access applications, data and the underlying infrastructure located on-premises in data centres and private or public clouds, the way IT is managed has to change. The world is becoming a smaller place, with the latest technology connecting us to the whole global landscape. The introduction of a faster and more efficient IT infrastructure has the power to connect regions in almost every country, giving workers the freedom to become more mobile and productive, and businesses less restrictive on their physical location.
[easy-tweet tweet=”It is still the responsibility of the CIO and his department to ensure the company’s systems and data are secure” via=”no” usehashtags=”no”]
The benefits of a flexible workforce embracing mobility and the cloud far outnumber the concerns over migrating to a different work environment – in the cloud. These technologies drive innovation in the business and improve employee satisfaction, which results in favourable perceptions of the CIO and employer on the whole. But how should the IT department manage a changing environment such as this? We know that the hybrid enterprise, while delivering multiple benefits, can expose enterprises to a seemingly infinite number of new attack vectors.
In today’s reality, users are just as likely to work with their favourite, non-IT-sanctioned cloud apps at Starbucks as they are to sit in a corporate office running centralised data centre apps, resulting in the rise of Shadow IT.
Even when employees decide to use technology outside of IT jurisdiction to do their job, it is still the responsibility of the CIO and his department to ensure the company’s systems and data are secure.
Governing what we can’t see
The way data is stored by enterprises and used by employees continues to change. Though the flexible environments we work in today promote productivity and employee efficiency, they’ve changed the way IT governs technology and manages security. When everything was in the office and data centre, governance was much simpler. But with the profusion of applications being accessed inside and outside the workplace, IT runs the risk of losing visibility and control. This could result in a series of security risks and potentially lost or compromised corporate data. Not only could this put sensitive information in the hands of the wrong person, it can severely damage the company’s reputation, should customer or public information be compromised. The reality is that IT cannot govern what it cannot see, and therefore does not have the ability to control access and usage.
[easy-tweet tweet=”If #ShadowIT is happening, it’s likely because employees aren’t being provided with the best tools to do their job” via=”no” usehashtags=”no”]
As concerning as the risks may seem, restriction is not the answer. If Shadow IT is happening, it’s likely to be a result of employees not being provided with the best tools to do their job. Therefore, it becomes an issue that the organisation needs to address to ensure that the technology being provided is suitable for the workforce. But more importantly, the CIO should embrace an “IT governance” approach, which includes having the visibility in place to monitor user access, network traffic and application performance, in order to provide a holistic understanding of the way IT is being used, without limiting the way employees use it.
If you can see it, you can protect it
As IT overcomes the challenges of the hybrid enterprise, visibility into infrastructure is one thing that cannot be compromised. Lack of visibility into the network and applications layers may hinder IT’s ability to identify, predict, and prevent threats. Key questions to ask should include:
- What’s on your network?
- Who’s using it?
- How are they using it?
- Where are they accessing it?
- When did this all take place?
Answers to these questions should be available in real-time in order to provide the most accurate and up-to-date breakdown. The traditional manual approaches to tracking network status often fall short because asset inventories are almost never complete, and at best are only as current as the latest scan. Needless to say, that isn’t ideal for security.
Companies that can control and manage complexity, without restricting user access, will be able to use IT as a competitive business advantage, instead of being weighed down trying to solve performance problems and security concerns of business-critical applications. Suffering from Shadow IT and the lack of visibility need no longer be an issue for IT. New technologies that allow visibility and control from one performance management platform mean that in the hybrid enterprise, with employees working from disparate locations, maintaining a balance between IT governance and IT restriction is possible.
[easy-tweet tweet=”Suffering from #ShadowIT and the lack of visibility need no longer be an issue for IT” user=”riverbed_uk” usehashtags=”no”]