Sign up for our newsletter!
Stay informed on the latest DevOps news

DevOps.com

Taming the Shadow IT Beast and Runaway Spend

By: on Leave a Comment

Do you know how much IT resources your employees are consuming?

According to research conducted by the Everest Group, shadow IT spending accounts for a whopping 50% or more of the IT budget. Beyond these costs, shadow IT could end up costing you big in terms of a security breach: Gartner estimates that 33% of security attacks will be on shadow IT resources by 2020. Simply put, shadow IT isn’t just an expensive problem to have. It’s a threat to your business.

You Can’t Blame Developers for Going Rogue

DevOps and application teams are a key consumer of IT resources in your organization—they’re agile teams who need to get product releases out the door quickly. They need to get the job done, and will provision any resource that will get them there, even if it means going around IT.

Still, you can’t blame these developers for going rogue: They need the right resources when they need them, and IT, busy responding to multiple tickets while juggling daily fires, can’t always meet those needs in a timely fashion. From a developer’s perspective, though, the fact that IT is firing on all cylinders to do their best doesn’t matter. For them, waiting days for resources may as well be an eternity.

Giving Your DevOps Teams the Goods

In a perfect world, DevOps and application teams would get access to the resources they need without the back and forth of ticketing systems, or the complexity of provisioning resources on systems that are totally unfamiliar systems. The latter is especially risky because it can introduce potential security holes that could be exploited by attackers.

To this end, IT’s ultimate goal should be to enable self-service provisioning for DevOps and application teams. Creating a catalog that only serves up the resources relevant to the requesting team is one option here. Through blueprints, a repeatable way to orchestrate and automate provisioning of resources, this self-service nirvana becomes a reality: IT delivers resources in minutes, not days or weeks, and developers get what they need without putting the organization at financial and operational risk.

Delivering Self-Service, but with a Safety Net

Of course, IT wants to be as efficient and agile as possible, though not at the expense of control over cost and compliance. So, while enabling DevOps, IT also needs to monitor and contain cross-cloud spend.

To accomplish this, IT can set automated quotas and limits, ensuring that user access to AWS resources, memory and more, is tightly controlled. They can also set up controls, such as power scheduling and expiration dates, to further control costs. As a result, VMs can’t be left on gobbling resources over the weekend, and demo environments shut down automatically when no longer used.

From a security and compliance standpoint, IT can prevent teams from going rogue by determining who can do what. For instance, this could be who can orders servers, workloads and XaaS—along with quotas set for spend and resource usage—to who can approve fulfillment of those orders. This way, resources are never overprovisioned, and a real tally is kept as to exactly who is using which resources across the business.

Taming the Shadow IT Beast

With a better handle on cloud spend and resource usage, IT teams can put a dent in the 44% of IaaS compute spend stemming from non-production resources that are accidentally left running, according to ParkMyCloud. At the same time, they can stay on top of security and compliance, while still giving DevOps the tools they need, with orchestration blueprints that automate resource provisioning on a repeated basis. Taming the shadow IT beast, allowing developers to access resources in seconds with a self-service catalog, frees up IT teams to tame all the other beasts they face on a daily basis.

— Brian J. Kelly