DZone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
Refcards Trend Reports Events Over 2 million developers have joined DZone. Join Today! Thanks for visiting DZone today,
Edit Profile Manage Email Subscriptions Moderation Admin Console How to Post to DZone Article Submission Guidelines
View Profile
Sign Out
Refcards
Trend Reports
Events
Zones
Culture and Methodologies Agile Career Development Methodologies Team Management
Data Engineering AI/ML Big Data Data Databases IoT
Software Design and Architecture Cloud Architecture Containers Integration Microservices Performance Security
Coding Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Culture and Methodologies
Agile Career Development Methodologies Team Management
Data Engineering
AI/ML Big Data Data Databases IoT
Software Design and Architecture
Cloud Architecture Containers Integration Microservices Performance Security
Coding
Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance
Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
  1. DZone
  2. Popular
  3. Open Source
  4. Open Source: Standing in the Shadows of IT

Open Source: Standing in the Shadows of IT

Shadow IT is generally considered a security risk, but can it be used for good?

Michael Blanchard user avatar by
Michael Blanchard
·
Apr. 25, 16 · Opinion
Like (2)
Save
Tweet
Share
2.76K Views

Join the DZone community and get the full member experience.

Join For Free

I recently asked a friend why he was sending me a work document that listed client names and other business data to my inbox. He then realized he had unwittingly stored a very sensitive work document in a DropBox account that was shared among friends.

Shadow IT is a term that is used to describe information-technology systems and solutions that are used by employees that are not sanctioned by the IT Department. Examples include cloud solutions such as DropBox and GitHub to store data as well as software downloads, especially free software, like open source. The main reason for these rogue activities is often internal barriers to get technology approved and vetted by the internal compliance team. With innovation occuring so rapidly, departments are no longer happy waiting weeks or months for an authorized solution.

Cloud computing and related SaaS and PaaS applications have created a whole new way for employees to easily bypass internal IT. A recent study by Stratecast shows upwards of 35 percent of all SaaS apps in an enterprise are purchased and used without oversight and more than 80 percent of respondents feel justified in continuing to use the non-approved services without ensuring that protective IT policies are applied.

Another trend that enterprises are struggling to deal with is Shadow BYOD. This refers to the number of unmanaged personal devices connecting to the network and accessing government or corporate data. Whether it is a flash drive, iPad or other device, it can put sensitive data at risk

Open Source and Shadow IT

Open source software is ripe for Shadow IT. In a February 2015 Gartner survey, 99 percent of responding organizations reported using open source. Users can download the software quickly and easily. Since the software is "free" and there is no need to get approvals to purchase, using the software can go unnoticed by IT Managers and compliance officers.

Enterprises have come to realize that managing the use of open source software usually diverts business, technical and legal resources, which is where the cost of free software comes into play.

These software packages can be perplexing for an enterprise because they can have thousands of third-party modules, with each module having its own creator/contributors and its own license that may restrict or have specific requirements around its use.

Litigation is always a lurking danger with open source and most enterprises do not want to be exposed to this risk. Does the shadow IT in your enterprise expose you to unnecessary indemnification or compliance risk?

Embrace Shadow IT

Information Technology departments in enterprises can play a very important role by embracing shadow IT to help drive innovation. Examples include approving underlying platforms, becoming educators and providing “preferred supplier” lists.

Enterprises must grade the security risk of Shadow IT against the opportunity cost of stifling employees and discouraging innovation from within. Many of these tools and solutions eventually end up becoming part of the enterprise’s sanctioned IT portfolio.

We see developers who start off using open source technology "in the shadows", but eventually becomes formally adopted by the enterprise. In order to achieve this adoption, developers need to find a commercial distribution that suits the needs of the business, brings in the proper support and SLA while mitigating the risks. An enterprise-wide solution allows other departments to benefit as well, without having to worry about license counts.

By integrating your systems, tools, and data more closely with your business, shadow IT can help drive (rather than hinder) innovation in the enterprise.

IT Open source

Published at DZone with permission of Michael Blanchard. See the original article here.

Opinions expressed by DZone contributors are their own.

Popular on DZone

  • Real-Time Stream Processing With Hazelcast and StreamNative
  • 5 Factors When Selecting a Database
  • Bye-Bye, Regular Dev [Comic]
  • How to Secure Your CI/CD Pipeline

Comments

Partner Resources

X

ABOUT US

  • About DZone
  • Send feedback
  • Careers
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • Become a Contributor
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 600 Park Offices Drive
  • Suite 300
  • Durham, NC 27709
  • support@dzone.com
  • +1 (919) 678-0300

Let's be friends: