
Open Source: Standing in the Shadows of IT

Shadow IT is generally considered a security risk, but can it be used for good?


I recently asked a friend why he was sending me a work document that listed client names and other business data to my inbox. He then realized he had unwittingly stored a very sensitive work document in a Dropbox account that was shared among friends.

Shadow IT is a term used to describe information-technology systems and solutions that employees use without the sanction of the IT department. Examples include cloud solutions such as Dropbox and GitHub to store data, as well as software downloads, especially free software such as open source. The main reason for these rogue activities is often the internal barriers to getting technology approved and vetted by the internal compliance team. With innovation occurring so rapidly, departments are no longer happy waiting weeks or months for an authorized solution.

Cloud computing and related SaaS and PaaS applications have created a whole new way for employees to easily bypass internal IT. A recent study by Stratecast shows upwards of 35 percent of all SaaS apps in an enterprise are purchased and used without oversight and more than 80 percent of respondents feel justified in continuing to use the non-approved services without ensuring that protective IT policies are applied.

Another trend that enterprises are struggling to deal with is Shadow BYOD. This refers to the number of unmanaged personal devices connecting to the network and accessing government or corporate data. Whether it is a flash drive, iPad or other device, it can put sensitive data at risk.

Open Source and Shadow IT

Open source software is ripe for Shadow IT. In a February 2015 Gartner survey, 99 percent of responding organizations reported using open source. Users can download the software quickly and easily. Since the software is "free" and there is no need to get approvals to purchase, using the software can go unnoticed by IT Managers and compliance officers.

Enterprises have come to realize that managing the use of open source software usually diverts business, technical and legal resources, which is where the cost of free software comes into play.

These software packages can be perplexing for an enterprise because they can have thousands of third-party modules, with each module having its own creator/contributors and its own license that may restrict or have specific requirements around its use.

Litigation is always a lurking danger with open source and most enterprises do not want to be exposed to this risk. Does the shadow IT in your enterprise expose you to unnecessary indemnification or compliance risk?

Embrace Shadow IT

Information Technology departments in enterprises can play a very important role by embracing shadow IT to help drive innovation. Examples include approving underlying platforms, becoming educators and providing “preferred supplier” lists.

Enterprises must grade the security risk of Shadow IT against the opportunity cost of stifling employees and discouraging innovation from within. Many of these tools and solutions eventually end up becoming part of the enterprise’s sanctioned IT portfolio.

We see developers start off using open source technology "in the shadows" that eventually becomes formally adopted by the enterprise. To achieve this adoption, developers need to find a commercial distribution that suits the needs of the business and brings in the proper support and SLA while mitigating the risks. An enterprise-wide solution allows other departments to benefit as well, without having to worry about license counts.

By integrating your systems, tools, and data more closely with your business, shadow IT can help drive (rather than hinder) innovation in the enterprise.


Published at DZone with permission of Michael Blanchard. See the original article here.

Opinions expressed by DZone contributors are their own.
