Vision Reflects on Clouds, ‘Shadow IT’ in Latest Resilience Report

The cloud has become pervasive in the business IT world at most organizations. However, the rise of “shadow IT” services living on the cloud threatens to undermine companies’ data and application resilience strategies, particularly in light of the increasingly complex, hybrid cloud/on-premise setups that are becoming popular today, Vision Solutions says in its annual State of Resilience report 2015.

According to Vision’s survey, 62 percent of IT executives report using cloud services at their organization. Apparently, the old debate about whether an organization should adopt “the cloud” is over. Cloud-based services are clearly popular and are here to stay, and discussions instead have rightly turned to more nuanced topics, such as how organizations should adopt cloud services while ensuring adequate levels of protection for data and services.

Answering that question is proving to be far more difficult than the first. The rate of innovation in the cloud often outpaces what an organization can efficiently deliver in its on-premise data center. And when other departments go behind the back of the CIO to subscribe to services such as Salesforce.com, Marketo, or any number of other software as a service (SaaS) applications, that gives rise to the shadow IT problem.

According to Vision’s survey, 52 percent of IT executives say they do not have processes to manage outside data sources, such as Dropbox. When those outside repositories are used to store confidential or otherwise important information, it damages the IT department’s ability to fulfill its obligation to the organization to secure data and protect privacy.

If you rely on an external organization to safeguard your own data, you are accepting the failures and limitations of that external organization. In resiliency terms, the recovery point objective (RPO) and recovery time objective (RTO) goals of that external system is now your own. So when Dropbox goes down for two days as part of an operating system upgrade, as Vision reported that it did in 2014, you must be ready to accept that your data will not be available.

There is also the matter of organizations moving internal systems to the cloud as part of a private cloud environment. This is a decidedly different animal than adopting a commercial SaaS package, but the shadow IT problems of relying on somebody else’s hardware and IT expertise are similar.

Interestingly, Vision found that nearly two-thirds of organizations that report using the cloud are not using HA or DR with those cloud setups. This indicates that the cloud services those organizations are using are not the most critical systems. As you can see in figure 1, email, Web servers, file servers, databases, CRM systems, and document management software are the most likely applications to be hosted in the cloud. Near the bottom of the list are applications that are arguably more critical, such as CAD/engineering apps, electronic medical records (EMR) systems, point of sale (POS) systems, warehousing, and ERP applications.

Despite the low adoption of cloud-based HA and DR, Vision found that about 10 percent of cloud users have plans to adopt HA and DR in the cloud, which it took as “a strong sign of increasing adoption.” The adoption of HA DR in the cloud can be expected to progress right in step with cloud computing, with mainstream adoption expected within two to five years, Vision says.

Ensuring the security and availability of data and applications in this emerging world that consists of a mix of SaaS, public cloud, private cloud, and on-premise resources will require time and expertise of IT professionals. Public clouds often have low RPO and RTO goals, so building suitable HA and DR protections falls on IT. This is not something that the shadow IT army is going to provide for you.

“Despite the benefits that cloud computing offers, IT remains accountable for architectural designs and the tools and that will ensure data availability and business continuity,” Vision says. “This demands time, resources, and skilled staff to architect a new, potentially complex infrastructure. … IT must develop processes that ensure reliability in cloud environments.”

While the cloud is promising, organizations must remain vigilant about protecting their own assets, says Vision Solutions Chief Technology Officer Alan Arnold. “What we’ve uncovered with our research in the State of Resilience Report is that companies are insufficiently prepared to provide resilience for their IT systems, particularly in light of the prevalence of hybrid data centers and the acceleration of cloud adoption,” Arnold says in a press release. “The importance of ensuring availability, protection and synchronization of data across diverse platforms cannot be understated.”

Vision held a webinar about the State of Resilience report in December. To access a recording of the Webinar, go to this link..

RELATED STORIES

Sandy Shows State Of IT Resilience Has Room For Improvement

Cloud and Virtualization Hurting State of Resiliency, Vision Study Finds