Category Archives: Shadow IT

Protect your Mac against risks such as ransomware and shadow IT

It’s more important than ever to protect your digital assets from increasing risks and threats like ransomware and shadow IT. In an earlier blog post, we explained these two serious risks and gave you some tips to protect yourself from them. Today, we would like to go into more detail and invite you to our […]

The post Protect your Mac against risks such as ransomware and shadow IT appeared first on Parallels Blog.

How to protect your Mac from risks like ransomware and shadow IT

It is more important than ever to safeguard your digital assets from increasing risks and threats. Have you heard already of Ransomware and Shadow IT?  Today, I would like to talk about these two serious risks and give you some tips to protect yourself from them. Let`s start with ransomeware which is one of the […]

The post How to protect your Mac from risks like ransomware and shadow IT appeared first on Parallels Blog.

81% of CIOs believe legacy systems are having negative impact on business

racing horses starting a raceResearch from Trustmarque has highlighted 81% of CIOs believe legacy infrastructures are having a negative impact on the IT department’s productivity levels.

The report stated the majority of CIOs see the legacy systems as a drain on IT resources and 86% believe IT management has become more complex over the last five years, owing to the fact teams have to juggle between the impact of cloud and mobile, as well as delivering on legacy systems. Due to the increased number of SLA’s and an increasingly diverse number of vendors to support both new and legacy technologies, 58% are struggling to deliver a consistent level of IT across the business.

“Providing comprehensive, consistent IT support in today’s complex IT world is a huge challenge for CIOs. It’s unsurprising many are finding IT management a growing burden,” said Mike Henson, Director, Cloud and Managed Services, Trustmarque. “Particularly where there is a lot of legacy technology, CIOs have an important decision to make – whether to continue to support legacy IT, or explore migration to the cloud – where support costs can be considerably lower.

“Today, IT might be easier to use than ever, but it’s also much more complex to manage and support. The business IT model has shifted, digital experiences are high on the agenda, along with a desire to consume rather than build IT. This shift has caused considerable strain on CIOs’ time, resources and budgets.”

While cloud could now be seen as a priority throughout the industry, the majority of businesses are having to navigate a number of transformation projects to implement the technology. In reality, very few companies are in a position to deliver a Greenfield cloud proposition within their organization, leading to complications in managing the co-existence of cloud and legacy, as the report indicates.

One are which this is seemingly having a direct impact is on innovation. As IT complexity has increased, the report indicates the number of ‘tickets’ being raised throughout the business has also increased. This in turn keeps IT employees focused on operational tasks (“keeping the lights on”) as opposed to focusing on implementation of new technologies to support digital transformation projects. 77% of the CIOs questioned in the survey confirmed one of their top priorities was to reduce the proportion of internal resource devoted to operational IT, freeing team members up to invest more time in transformational IT projects.

“In today’s increasingly connected world, business IT is unpredictable – changing to reflect varied business needs and the ways in which modern employees want to work,” said Henson. “Many CIOs struggle to balance the need to run business IT as usual, while at the same time delivering innovative new services to demanding users. Clearly, CIOs recognise the growing need for continued innovation within their organisation – but also recognise that a lack of internal resources and skills can hamper this ambition.”

Although general consensus throughout the industry is leaning towards cloud penetrating the mainstream marketplace, it is unlikely we’ll see cloud and other emerging technologies as the default until resource can be effectively moved away from operational IT. A number of different businesses have stated the need to transform to remain competitive in the marketplace, thought the report does imply these projects are unlikely to succeed until the idea of IT as simply a support function is removed from the business mind-set.

24% of businesses expect a cyberattack within the next 90 days

Hacker performing cyber attack on laptopResearch from VMWare has highlighted 24% of office workers and IT decision makers believe their organization will be the victim of a cyberattack with the next 90 days, mainly due to the belief that the threats are advancing at a faster pace than a company’s defences.

Although the statistics imply the event of a cyberattack is becoming normalized within the industry, the findings do also suggest investments from enterprise organizations are not meeting the demanding trends of security, as 39% of the respondents believe one of the greatest vulnerabilities to their organisation to a cyberattack is threats moving faster than their defences.

“The issue around accountability is symptomatic of the underlying challenge faced as organisations seek to push boundaries, transform and differentiate, as well as secure the business against ever-changing threats”, commented Joe Baguley, CTO of VMware in EMEA. “Today’s most successful organisations can move and respond at speed as well as safeguard their brand and customer trust. With applications and user data on more devices in more locations than ever before, these companies have moved beyond the traditional IT security approach which may not protect the digital businesses of today.”

While security could be seen as something of a sound-bite for board-level execs in recent months, the importance of spreading cybersecurity awareness and responsibility throughout the organization have been made clear by the IT department. Of the IT decision makers who were surveyed as part of the research, 22% said the board should be most aware of the necessary actions to take following a significant data breach, and 40% said the CEO should be this person.

Industry insiders have commented to BCN in recent weeks that the use of security comments by execs highlighted the importance of cybersecurity has been an effort to appease customers and stakeholders, and there is little follow through in terms of investment in new technologies. Research from the Economist Intelligence Unit also backs up these comments as its own survey said only 5% of UK corporate leaders consider cyber security a priority for their business, contradicting comments made by execs in the press.

Shadow IT was another area which featured in the report, as unauthorized devices and software are seemingly still plaguing IT decision makers throughout the industry. 55% of the IT decision makers surveyed believe their own employees are the greatest security threat a company faces, which is also backed up by the statistics that 26% would use their personal device to access corporate data and almost a fifth, 16%, would risk being in breach of the organisation’s security to carry out their job effectively.

“Security is not just about technology. As the research shows, the decisions and behaviours of people will impact the integrity of a business,” said Baguley. “However, this can’t be about lock-down or creating a culture of fear. Smart organisations are enabling, not restricting, their employees – allowing them to thrive, adapt processes and transform operations to succeed.”

93% of enterprise now using cloud services – survey

business cloud network worldThe vast majority of IT professionals are now using at least one cloud-based service, according to a survey recently published by IT portal Spiceworks.

While 93% of respondents confirmed that they are using at least one cloud based service within their operations, the survey also highlighted IT professionals are still hesitant when considering emerging technologies.

Opportunities such as email hosting and cloud storage are increasingly being viewed as the norm, though IaaS is still met with some scepticism with only 20% of respondents currently using it, and only 16% considering its use in the next 12 months. EMEA professionals demonstrated a higher appetite for IaaS, with use 11 percentage points higher in EMEA than in North America.

In terms of current cloud services, web and email hosting are by far and away the most utilized, with 76% and 56% usage respectively. Online back-up and recovery appears to be the biggest growth area, with 35% of respondents currently using the service and 23% planning to engage over the next 12 months.

When building the business case for cloud transition, cost still remains the top priority for the majority of IT professionals. 71% of respondents highlighted this would be considered the number one reason for the transition, though cloud enabled innovation was only a driver for 3%. While early adopters are moving away from CAPEX/OPEX reductions as the business case for cloud adoption, the rising cost of hardware implementation and maintenance still drives mainstream cloud implementation.

The survey also highlighted that Shadow IT remains a challenge for a large part of the industry, as services which remain un-sanctioned by the IT team are still demonstrating high usage from the rest of the business. 33% of respondents highlighted they have deployed Dropbox services officially, but 78% of companies have employees using the service without IT approval. Google Drive was also being used in 59% of companies surveyed without approval from the IT team.

Microsoft Azure emerged as the most commonly used IaaS provider, accounting for 16%, closely followed by rival AWS at 13%. However 21% of respondents are considering Azure over the next twelve months, compared to only 11% weighing up AWS. The Microsoft team can be encouraged by these statistics, though this is a category which currently does not seem to have a clear market leader. Other brands highlighted by the survey in this space include Rackspace, Google and VMWare.

Despite AWS’s dominant market position, industry insiders questioned by BCN perceive Azure as the more effective platform. With Microsoft bolstering its ranks through strategic company and talent acquisition over the last 18-24 months, Azure is viewed as the more productive offering, despite being more expensive.

The results show a number of positive trends within the cloud industry, though still a number of worrying factors. 20% of IT services are cloud based today, and 30% of the respondents expect that within three years, more than half of their IT services will be cloud based. Conversely the culture of trusting public cloud services with company data/content without approval from the IT function seems to be a trend which isn’t disappearing.

Cisco launches Cloud Consumption as a Service to help CIOs retain control

Cisco shadow ITCisco has announced a new service to help CIOs regain control of the company computing resources as shadow IT threatens to run rampant.

Its new Cloud Consumption as a Service (CCaaS) offering promises to discover and monitor public cloud computing usage, which grew at 112 per cent last year in large enterprises. With the average organisation now using 1,220 cloud services the position of chief information officer risks being undermined, as much of the information technology that companies use is now out of the CIO’s control, according to Cisco.

Cisco alleges that cloud services are now 25 times higher than the average CIO planned for, meaning that management is impossible. The launch of CCaaS will offer measure and monitoring, in order to help CIOs to manage what it describes as ‘the significant business risks associated with uncontrolled adoption of public cloud services’. These risks range from regulatory compliance and data protection, to business continuity, cost and service performance, it warns.

The main function of the service is to discover and continually monitor public cloud use across an organisation. When tempered with detailed analytics and benchmarking from Cisco, businesses could cut both their costs and security risks while making better future cloud service purchasing decisions.

New York based health care organisation CityMD, which acted a test user of the service, found that employees across its 50 sites were using 522 cloud services, while the IT department only supported 20.

“Our company was founded by doctors, so they want cloud services fast but now we have a better idea of what risks we may face,” said Robert Florescu, Information Technology VP at CityMD.

The Cisco Cloud Consumption as a Service is now available globally via qualified Cisco channel partners, prices start at $1 to $2 dollars per employee per month, depending on the size of the business.

Cisco, Elastica join forces on cloud security monitoring

Cisco will resell Elastica's cloud service monitoring technology

Cisco will resell Elastica’s cloud service monitoring technology

Networking giant Cisco is teaming up with Elastica, a cloud security startup, in a move that will see the two firms combine their threat intelligence and cloud service monitoring technologies.

The partnership will also see Cisco resell Elastica’s cloud application security and monitoring solution (CloudSOC) to its customers.

“The combination of Cisco’s threat-centric security portfolio and Elastica’s innovation in cloud application security provides a unique opportunity. Our global customers gain additional levels of visibility and control for cloud applications and it enhances our portfolio of advanced cloud-delivered security offerings,” said Scott Harrell, vice president of product management, Cisco Security Business Group.

“We are excited to partner with Elastica to deliver an even richer portfolio of on–premises and cloud application security to protect businesses across the attack continuum – before, during, and after an attack,” Harrell said.

The move is a big win for Elastica, a startup that existed stealth in early 2014 and just last month secured $30m in funding. Cisco will provide the security startup with a large and varied channel that spans both the enterprise and scale-out markets, while Cisco can plug a gap in its burgeoning cloud-centric portfolio (that said, it’s possible the move is a precursor to an acquisition).

“CIOs want to empower employees with advanced cloud apps that help enterprises stay agile, productive and competitive in the marketplace. The power of these cloud apps – information sharing and built-in collaboration capabilities – also require a completely new approach to security,” said Rehan Jalil, president and chief executive of Elastica.

“Elastica’s cloud app security technology, together with Cisco’s broad security portfolio and footprint, will help us catalyze the safe and compliant use of cloud apps so that our customers can continue to securely make their businesses more agile and productive,” Jalil said.

Guest Post: How to Regain Control Over the “Shadow IT” in Your Environment

Do you need to regain control of shadow IT in your environment? The use of cloud services is growing, and according to a recent Cisco/Intel Study, “The Impact of Cloud on IT Consumption Models,” the cloud occupies 23% of IT spend with respondents estimating that number will grow to 27% by 2016. Recent analyst reports also suggest that of the total cloud spend, Software-as-a-Service (Saas) alone could capture greater than half within the next few years.

shadow ITThese numbers are not surprising, considering growing demand from workers for the latest and greatest technologies and applications, that will enable them to do their jobs with greater ease, efficiency and flexibility than is possible using traditional computing tools and applications. Yet, as anyone working in IT can attest to, not everyone goes through the proper channels when it comes to procuring cloud services. This trend, often referred to as “shadow IT” is creating problems for IT organizations of all sizes as it makes it difficult to gain visibility into their entire infrastructure operations.


The fact is, the most tech-savvy employees figured out years ago how to get their hands on the applications they want and need – without IT’s blessing. With quick and easy access to public clouds, analytics, development, and collaboration tools via the Internet, it’s no wonder workers are purchasing and provisioning virtual machines (VMs) on public clouds, downloading apps, or even building their own apps using cloud-based tools, and deploying them on the cloud, with a simple click of a button.

As a result, many IT organizations are still in the dark about how many cloud apps they have running on their system. And, according NetSkope’s 2014 Cloud Report those numbers are on the rise with the average number of cloud apps per enterprise going from 397 in January 2014 to a whopping 579 in October 2014.


If You’ve Lost Control, You Are Not Alone

The effects of shadow IT are well-documented in the enterprise with recent research reports and industry surveys estimating that IT has effectively lost control of between 35% and 50% of the enterprise IT spend, with marketing, sales, accounting, HR and other departments regularly purchasing cloud services directly from cloud services providers – and completely bypassing the IT department during the purchasing process.

Yet, when major outages happen, or when these systems go down or troubleshooting is required, you know as an IT professional that your department will be called on to respond and mitigate for any system failures.

So what’s the fix? The first step is to find a way to regain control, not just over the spending, but how clouds and applications are provisioned and managed. This way, lines of accountability are made very clear.

One of the ways to do this is through by automating IT operations via a centralized dashboard. By having a single pane of glass view into your organizations entire IT operations, your team will be aware of where cloud VMs are being spun up, where applications are being used, who is using them, how much is being used, and how they are performing. This, in turn, will put IT back in the drivers seat and help eliminate the threat that your users’ “shadow IT” purchases are having on the business.


To learn more about how GreenPages can help you with automating your IT operations, watch this short video on our Cloud Management as a Service Infrastructure Operations offering


By Chris Joseph, VP, Product Management & Marketing, NetEnrich, Inc.

Managing Resources in the Cloud: How to Control Shadow IT & Enable Business Agility


In this video, GreenPages CTO Chris Ward discusses the importance of gaining visibility into Shadow IT and how IT Departments need to offer the same agility to its users that public cloud offerings like Amazon can provide.



If you would like to hear more from Chris, download his on-demand webinar, “What’s Missing in Today’s Hybrid Cloud Management – Leveraging Cloud Brokerage”

You can also download this ebook to learn more about the evolution of the corporate IT department & changes you need to make to avoid being left behind.




Have You Met My Friend, Cloud Sprawl?

By John Dixon, Consulting Architect


With the acceptance of cloud computing gaining steam, more specific issues related to adoption are emerging. Beyond the big-show topics of self-service, security, and automation, cloud sprawl is one of the specific problems that organizations face when implementing cloud computing. In this post, I’ll take a deep dive into this topic, what it means, how it’s caused, and some options for dealing with it now and in the future.

Cloud Sprawl and VM Sprawl

First, what is cloud sprawl? Simply put, cloud sprawl is the proliferation of IT resources – that provide little or no value – in the cloud. For the purposes of this discussion, we’ll consider cloud to be IaaS, and the resources to be individual server VMs. VM sprawl is a similar concept that happens when a virtual environment goes unchecked. In that case, it was common for an administrator, or someone with access to vCenter, to spin up a VM for testing, perform some test or development activity, and then forget about it. The VM stayed running, consuming resources, until someone or something identified it, determined that it was no longer being used, and shut it down. It was a good thing that most midsize organizations limited vCenter or console access to perhaps 10 individuals.  So, we solved VM sprawl by limiting access to vCenter, and by maybe installing some tools to identify little-used VMs.

So, what are the top causes of cloud sprawl? In IT operations terms, we have the following:

  • Self-service is a central advantage of cloud computing, and essentially cloud means opening up a request system to many users
  • Traditional IT service management (a.k.a. ITIL) is somewhat limited in dealing with cloud, specifically configuration management and change management processes
  • There remains limited visibility into the costs of IT resources, though cloud improves this since resource consumption ends up as a dollar amount on a bill…somewhere

How is Cloud Sprawl Different?

One of the main ideas behind cloud computing – and a differentiator between plain old virtualization and centralization – is the notion of self-service. In the language of VMware, self-service IaaS might be interpreted as handing out vCenter admin access to everyone in the company. Well, in a sense, cloud computing is kind of like that – anyone who wants to provision IaaS can go out to AWS and do just that. What’s more? They can request all sorts of things, aside from individual VMs. Entire platform stacks can be provisioned with a few clicks of the mouse. In short, users can provision a lot more resources, spend a lot more money, and cause a lot of problems in the cloud.

We have seen one of our clients estimate their cloud usage at a certain amount, only to discover that actual usage was over 10 times their original estimate!

In addition, cloud sprawl can go in different directions than plain old VM sprawl. Since there are different cloud providers out there, the proliferation of processes and automation becomes something to watch out for. A process to deal with your internal private cloud may need to be tweaked to deal with AWS. And it may need to be tweaked again to deal with another cloud provider. In the end, you may end up with a different process to deal with each provider (including your own datacenter). That means more processes to audit and bring under compliance. The same goes for tools – tools that were good for your internal private cloud may be completely worthless for AWS. I’ve already seen some of my clients filling their toolboxes with point solutions that are specific to one cloud provider. So, bottom line is that cloud sprawl has the potential to drag on resources in the following ways:

  1. Orphaned VMs – a lot like traditional VM sprawl, resulting in increased spend that is completely avoidable
  2. Proliferation of processes – increased overhead for IT operations to stay compliant with various regulations
  3. Proliferation of tools – financial and maintenance overhead for IT operations


Download John’s ebook “The Evolution of Your Corporate IT Department” to learn more


How Can You Deal with Cloud Sprawl?

One way to deal with cloud sprawl is to apply the same treatment that worked for VM sprawl: limit access to the console, and install some tools to identify little-used VMs. At GreenPages, we don’t think that’s a very realistic option in this day and age. So, we’ve conceptualized two new approaches:

  1. Adopt request management and funnel all IaaS requests through a central portalThis means using the accepted request-approve-fulfill paradigm that is a familiar concept from IT service management.
  2. Sync and discoverGive users the freedom to obtain resources from the supplier of their choosing, whenever and wherever they want. IT operations then discovers what has been done, and runs their usual governance processes (e.g., chargeback, showback) on the transactions.

Both options have been built in to our Cloud Management and a Service (CMaaS) platform. I see the options less as an “either/or” decision, and more of a progression of maturity within an organization. Begin with Option 2 – Sync and Discover, and move toward Option 1 – Request Management.

As I’ve written before, and I’ll highlight here again, IT service management practices become even more important in cloud. Defining services, using proper configuration management, change management, and financial management is crucial to operating cloud computing in a modern IT environment. The important thing to do now is to automate configuration and change management to prevent impeding the speed and agility that comes with cloud computing. Just how do you automate configuration and change management? I’ll explore that in an upcoming post.

See both options in action in our upcoming webinar on cloud brokerage and governance. Our CTO Chris Ward will cover:

  • Govern cloud without locking it down: see how AWS transactions can be automatically discovered by IT operations
  • Influence user behavior: see how showback reports can influence user behavior and conserve resources, regardless of cloud provider
  • Gain visibility into costs: see how IaaS costs can be estimated before provisioning an entire bill of materials


Register for our upcoming webinar being held on May 22nd @ 11:00 am EST. “The Rise of Unauthorized AWS Use. How to Address Risks Created by Shadow IT.