DevOps.com

  • Latest
    • Articles
    • Features
    • Most Read
    • News
    • News Releases
  • Topics
    • AI
    • Continuous Delivery
    • Continuous Testing
    • Cloud
    • Culture
    • DevSecOps
    • Enterprise DevOps
    • Leadership Suite
    • DevOps Practice
    • ROELBOB
    • DevOps Toolbox
    • IT as Code
  • Videos/Podcasts
    • DevOps Chats
    • DevOps Unbound
  • Webinars
    • Upcoming
    • On-Demand Webinars
  • Library
  • Events
    • Upcoming Events
    • On-Demand Events
  • Sponsored Communities
    • AWS Community Hub
    • CloudBees
    • IT as Code
    • Rocket on DevOps.com
    • Traceable on DevOps.com
    • Quali on DevOps.com
  • Related Sites
    • Techstrong Group
    • Container Journal
    • Security Boulevard
    • Techstrong Research
    • DevOps Chat
    • DevOps Dozen
    • DevOps TV
    • Digital Anarchist
  • Media Kit
  • About
  • AI
  • Cloud
  • Continuous Delivery
  • Continuous Testing
  • DevSecOps
  • Leadership Suite
  • Practices
  • ROELBOB
  • Low-Code/No-Code
  • IT as Code
  • More Topics
    • Application Performance Management/Monitoring
    • Culture
    • Enterprise DevOps

Home » Blogs » IT as Code » IT Security » Taming the Shadow IT Beast and Runaway Spend

Taming the Shadow IT Beast and Runaway Spend

By: Brian J. Kelly on April 3, 2020 Leave a Comment

Do you know how much IT resources your employees are consuming?

Recent Posts By Brian J. Kelly
  • How Enterprise IT Teams Can Win the Hearts of DevOps
  • How Not to Sabotage Your Multi-Cloud Strategy
More from Brian J. Kelly
Related Posts
  • Taming the Shadow IT Beast and Runaway Spend
  • DevSecOps in Azure
  • How to Design DevSecOps Compliance Processes to Free Up Developer Resources
    Related Categories
  • Blogs
  • IT as Code
  • IT Security
    Related Topics
  • cloud spend
  • devops
  • Shadow IT
Show more
Show less

According to research conducted by the Everest Group, shadow IT spending accounts for a whopping 50% or more of the IT budget. Beyond these costs, shadow IT could end up costing you big in terms of a security breach: Gartner estimates that 33% of security attacks will be on shadow IT resources by 2020. Simply put, shadow IT isn’t just an expensive problem to have. It’s a threat to your business.

DevOps/Cloud-Native Live! Boston

You Can’t Blame Developers for Going Rogue

DevOps and application teams are a key consumer of IT resources in your organization—they’re agile teams who need to get product releases out the door quickly. They need to get the job done, and will provision any resource that will get them there, even if it means going around IT.

Still, you can’t blame these developers for going rogue: They need the right resources when they need them, and IT, busy responding to multiple tickets while juggling daily fires, can’t always meet those needs in a timely fashion. From a developer’s perspective, though, the fact that IT is firing on all cylinders to do their best doesn’t matter. For them, waiting days for resources may as well be an eternity.

Giving Your DevOps Teams the Goods

In a perfect world, DevOps and application teams would get access to the resources they need without the back and forth of ticketing systems, or the complexity of provisioning resources on systems that are totally unfamiliar systems. The latter is especially risky because it can introduce potential security holes that could be exploited by attackers.

To this end, IT’s ultimate goal should be to enable self-service provisioning for DevOps and application teams. Creating a catalog that only serves up the resources relevant to the requesting team is one option here. Through blueprints, a repeatable way to orchestrate and automate provisioning of resources, this self-service nirvana becomes a reality: IT delivers resources in minutes, not days or weeks, and developers get what they need without putting the organization at financial and operational risk.

Delivering Self-Service, but with a Safety Net

Of course, IT wants to be as efficient and agile as possible, though not at the expense of control over cost and compliance. So, while enabling DevOps, IT also needs to monitor and contain cross-cloud spend.

To accomplish this, IT can set automated quotas and limits, ensuring that user access to AWS resources, memory and more, is tightly controlled. They can also set up controls, such as power scheduling and expiration dates, to further control costs. As a result, VMs can’t be left on gobbling resources over the weekend, and demo environments shut down automatically when no longer used.

From a security and compliance standpoint, IT can prevent teams from going rogue by determining who can do what. For instance, this could be who can orders servers, workloads and XaaS—along with quotas set for spend and resource usage—to who can approve fulfillment of those orders. This way, resources are never overprovisioned, and a real tally is kept as to exactly who is using which resources across the business.

Taming the Shadow IT Beast

With a better handle on cloud spend and resource usage, IT teams can put a dent in the 44% of IaaS compute spend stemming from non-production resources that are accidentally left running, according to ParkMyCloud. At the same time, they can stay on top of security and compliance, while still giving DevOps the tools they need, with orchestration blueprints that automate resource provisioning on a repeated basis. Taming the shadow IT beast, allowing developers to access resources in seconds with a self-service catalog, frees up IT teams to tame all the other beasts they face on a daily basis.

— Brian J. Kelly

Filed Under: Blogs, IT as Code, IT Security Tagged With: cloud spend, devops, Shadow IT

Sponsored Content
Featured eBook
DevOps: Mastering the Human Element

DevOps: Mastering the Human Element

While building constructive culture, engaging workers individually and helping staff avoid burnout have always been organizationally demanding, they are intensified by the continuous, always-on notion of DevOps.  When we think of work burnout, we often think of grueling workloads and deadline pressures. But it also has to do with mismatched ... Read More
« Why SaaSOps Pros Need to Manage the New Perimeter
The Dynamics of Social Distancing »

TechStrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows

Upcoming Webinars

Accelerating Continuous Security With Value Stream Management
Monday, May 23, 2022 - 11:00 am EDT
The Complete Guide to Open Source Licenses 2022
Monday, May 23, 2022 - 3:00 pm EDT
Building a Successful Open Source Program Office
Tuesday, May 24, 2022 - 11:00 am EDT

On-Demand Webinars

DevOps.com Webinar ReplaysDevOps.com Webinar Replays
  • Home
  • About DevOps.com
  • Meet our Authors
  • Write for DevOps.com
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • Privacy Policy

Powered by Techstrong Group, Inc.

© 2022 ·Techstrong Group, Inc.All rights reserved.