Quantcast
Channel: CloudSprawl » platform-as-a-service
Viewing all articles
Browse latest Browse all 4

Battling “Shadow IT” and uncertainty with cloud management and automation – a Q&A with Jay Lyman

0
0

In our last article on Cloud Sprawl, 451 Research’s Cloud Platforms Research Manager, Jay Lyman, joined us to discuss the reasons for moving to the cloud, and the challenges that many enterprises are facing when they get there.

In part two of our two-part conversation, Jay discusses another challenge created by cloud computing – shadow IT, or unknown and unsanctioned use of IT tools and resources.

The emergence of shadow IT creates more problems for enterprises that may not be aware of what cloud resources are being used across the organization, how much they cost or how they’re being managed and secured. During the second half of our discussion with Jay, we better define shadow IT in its modern form, we look at its causes, and we discuss how cloud automation and cloud management can help battle this, and other cloud challenges.

Here is what Jay had to say:

3449cb5Cloud Sprawl: What is shadow IT? Why is shadow IT an issue within the enterprise today?

Jay Lyman: Shadow IT is a concept that describes something that isn’t in the light. It’s effectively a one-off use of a technology internally by a department or a team, that doesn’t necessarily have approval from above.

When we talk shadow IT, it’s a reference to things going on without central IT being notified or knowing what’s going on – grabbing some AWS instances and setting up your devops or testing environment on your own. There’s a perception that this is about sidestepping or bypassing your central IT organization and that it’s not above-board. That’s not entirely the case, today.

We’re starting to the emergence of what I call “shadowy IT,” because it’s much more nuanced than the historical scenario. Today, the developers and lines of business understand that they can’t push an application or service through to production on a cloud and use tools that haven’t been sanctioned by their central IT department. However, they are still going to demand resources and support much more rapidly in order to prevent them from going into the shadows.

On the IT operations side, there’s an understanding that at some point this needs to become accepted, above-board and sanctioned by central IT, which today tends to understand that they’re under the gun. They’re competing with public clouds, open source software, SaaS and other services. They need to be more flexible in working with the developers and lines of business to source and manage the specs and tools more effectively. They can ensure that developers don’t bypass them by responding in a more timely fashion and providing the infrastructure and services that their internal users are demanding.

So – given that there’s a changing perception on this – shadow IT is no longer grounds for getting someone in trouble – although it still can, at times, based on the sensitivity of the systems and data. Now there’s a new propensity for the leaders of the centralized IT department to say, “Let’s take what you’re doing, make it normalized and above-board and something that is sanctioned. To do so, we’re going to task the team of developers that want to use this with proving it. Prove the time savings, the cost savings, the efficiency or other advantages. Show us that you can pull this off without sacrificing quality or performance.”

This is very similar to what we saw with open source software. Ten years ago, that was something that crept into the organization under the door and through the cracks. Then we began seeing policies around using open source by enterprise organizations.

We’re seeing the same thing around cloud computing and some of the other tools and resources. [Enterprises are] coming up with policies, and establishing technology review boards that have their eyes on the next thing and where they can fit into that. Docker application containers is a perfect example. It’s something new on the scene – very early stage – but not something that can or should be ignored.

The main challenge of shadow IT today is the aspect of normalizing and standardizing. And it’s a tough challenge because there are all of these different pieces today. We’re not talking about taking out your server hardware and your storage hardware, we’re talking about a lot greater variety at both the application layer and the infrastructure layer.

Cloud Sprawl: What is cloud automation and cloud management? How can cloud automation and cloud management help overcome the challenges enterprises face when moving to the cloud?

Jay Lyman: A lot of times, cloud management platforms serve as the net that is cast over as much of your cloud applications and infrastructure as you can. These solutions aggregate and unify through dashboards and provide an operators’ view of resources. This goes back to the biggest challenge – what is being used, by who, for what, and how much is it costing? This brings it all together and delivers a unified view.

Also, you don’t want to have to build and reinvent all of the wheels of your vehicle. You want it standardized, normalized and – in the case of enterprise IT – sanctioned. That’s what these CMPs do. They allow all of that shadowy IT and one-off use to be normalized and done above-board, consistently and more easily and more efficiently.

We hear about these platforms being used to help support self-service for developers and lines of business – to help them have a more regular response to updates, patches and security issues, and a response to these new technologies and tools instead of being set in what they’re using. There’s a great deal of flexibility required, and these CMPs can aggregate a lot of that polyglot use.

Cloud Sprawl: What should enterprises look for in a cloud automation and cloud management solution?

Jay Lyman: Automation, governance and policy-driven management can all help organizations effectively address and manage the cloud. And if you can enable policies that trigger action, infrastructure management becomes much more automated and responsive. Security issues are a prime example. Organizations that have focused on agility, performance and quality are often able to move beyond triage services to security management and automation that is much more responsive and effective.

You also want your cloud management to match your infrastructure priorities. Many are pretty heavy into supporting AWS – and that’s where a lot of this starts. But there are other clouds and tools beyond that. Some providers go deeper on other, additional clouds. Or other integrations or partners. Basically, it’s important to see if your key infrastructure and framework and tools are supported – as many of them as you can. This is where we see things like Chef, Puppet, Ansible, Salt, Jenkins continuous integration server and other infrastructure and process automation tools playing a prominent role.

It also comes down to what you want to do with the cloud. Is it consumer facing? Does it need to scale up quickly for big events? Or is this going to serve your internal developers? All of these things play an important role. Given all of these different infrastructures that need to be supported, that will largely determine what provider and what technology is going to be best.

Cloud Sprawl: What is the difference between legacy cloud management platforms (CMP’s) from 3-4 years ago vs. news tools or techniques?  Why are the differences important to enterprises?

Jay Lyman: The older CMPs can present the problem of getting in the way. Security measures can be good, but if they’re too cumbersome, confusing or complex, they run the risk of being disregarded and then you’re back to shadow IT.

[CMPs] have been traditionally viewed as coming from the company or central IT, and that’s sometimes why they struggle to gain traction internally. There’s not as much enthusiasm if it’s coming from the top-down, though we’ve seen more top-down adoption of cloud and devops in the last 18 months. The tools that address both central IT and developers/lines of business seem to be the best way to gain the widespread, grassroots adoption from the bottom up to the point of credibility and assurance from central IT and leadership.

Whether from older or newer providers, CMPs must address both camps. That’s the dual audience theme of devops – it’s developers and IT operations. And that’s expanding to more enterprises and service providers. In that way, devops continues to be a very big part of the CMP ecosystem and market.

For this reason, it’s important to serve not only the developer, but offer the capability, assurance, support and the SLAs that enterprises expect to capture top-down adoption as well. Something that serves both sides of devops is going to be a better fit for organizations seeking greater speed, efficiency and effectiveness.

The post Battling “Shadow IT” and uncertainty with cloud management and automation – a Q&A with Jay Lyman appeared first on CloudSprawl.


Viewing all articles
Browse latest Browse all 4

Latest Images

Trending Articles





Latest Images