It’s quietly lurking in dark recesses of data centers of all sizes. In the back of our minds, we know the odds are that it exists in our facilities, but deep down we want to believe it’s no big deal. Shadow IT is quietly putting our operations at risk, creating new security threats and introducing considerable waste into data operations. Not only is it more prevalent than most businesses realize, it also costs more than they think.
Shadow IT is hardware, software and databases that have not followed company-established protocols. Instead, it’s created without awareness or visibility to executive management and deployed by the company’s IT department. No one intends to create an ecosystem where shadow IT can hide, but it develops over time. It’s important to understand both the impact and the risks shadow IT presents to data center operations as well as, on the physical layer, how it can be uncovered and eliminated.
How Shadow IT Infiltrates the Company
Depending on their structure, midsize and large companies often have an overarching IT-governance department that ensures all IT hardware devices, software and so on conform to security, licensing, asset-life-cycle management and other requirements. Other “non-IT” departments often have their own IT guru who serves as the “go-to person” for customizing internal software, specialized printers, websites or even spreadsheets for the department. These departments may need some quick and flexible development of products and services that are difficult to execute when approval from IT governance is required.
Considering the lengthy internal approval process of some organizations, these individual departments may decide to covertly create their own servers, download software or set up their own database without IT governance review and approval—especially when it’s a small project or a time-sensitive situation. Although doing so might appear to be good for the company, it’s a slippery slope that opens up the entire database to greater risk. First and foremost, circumventing the process increases the organization’s vulnerability to security breaches and unauthorized access to sensitive data.
Beyond the top-line risks, the addition of rogue software and databases makes license management impossible and puts the organization in an embarrassing and costly position if caught exceeding the allowed number of users per license. Another risk is poor network performance owing to bottlenecks from numerous devices sending and receiving multiple data points. From a financial standpoint, accounting departments are unaware of these covert assets and their life-cycle status, causing errors and inaccuracies in bookkeeping.
Shadow IT’s Physical Impact on Data Centers
When rogue departments secretly add equipment to a data center, they are most often throwing the organization’s data center strategy out of alignment without even knowing it. At the physical level, the impact shadow IT has on a data center can cause compounding and potentially dangerous situations. From space issues, power and cooling-capacity needs to unexpected operating costs, neighboring equipment becomes vulnerable to damage and outages if incorrectly racked or cabled. Major points of concern are the poaching of allocated cabinet space, circumventing circuit protection best practices and sabotaging of cabinet cooling strategies.