Shadow IT’s Impact on Federal Government
Author: Town Hall On-Demand
IT services are easier than ever to procure and provision – leading to the rise of so-called “shadow IT” groups, where executives are using cloud computing and their own devices to bypass their IT departments to bring capabilities online quickly. In government agencies, the policies and procedures have not kept up with the change, which has led to widespread disruption and a big shift in who is making IT decisions.
In this Town Hall featuring former CIA and NSA Director Gen. Michael Hayden and CSC experts, we take a close look at the business drivers behind shadow IT and how IT organizations can respond
- Gen. Michael Hayden, former Director of CIA and NSA
- Todd McNabb, Director of Cloud Computing for Public Sector, CSC
- Sunil Bhargava, Global Portfolio Executive for Cloud and Hosting, CSC
- Jeff Caruso, Senior Managing Editor, CSC
Shadow IT, Cloud Computing Bring Cultural Change
When the need for computing resources and infrastructure can’t be met by traditional procurement and IT planning processes, other business and government employees take matters into their own hands. In a recent CSC Town Hall, panelists discussed the impact of this so-called shadow IT on government agencies and the role that cloud computing can play to meet demand.
Participants included Gen. Michael Hayden (Ret.), former director of the CIA and NSA; Todd McNabb, CSC’s director of cloud computing for the public sector; and Sunil Bhargava, global portfolio executive for cloud and hosting at CSC.
“Shadow IT has been around as long as IT has been around,” McNabb says. “People have project plans they want to complete without waiting on a long RFP, so when they can acquire resources online or through other means to accelerate their project, they’ll do it.”
Gen. Hayden says that while most shadow IT infrastructure is built with good intentions, the sum total is strategic and corporate chaos. “There were times when we had trouble identifying what infrastructure was serving whom. And occasionally we had to throw a switch and wait for the phone to ring to know where an individual shadow server fit into the broader IT structure,” he says.
Drivers behind shadow IT
Bhargava says the growth of shadow IT is driven by the acceleration of project timelines that conflict with cumbersome processes to specify, bid, buy and stand up traditional IT infrastructure. “Usually you get access to resources six to nine months from when you started, and the entire project duration might be less than that,” he says.
Two significant trends are pressing agencies to move to a new cloud-based approach to build IT capability, Bhargava says. One is the consumerization of IT. “Many of us have found we have more current, capable IT at home than at work. That raises our expectations of what we’ll have access to on the job, especially the arriving workforce,” he says.
The second trend, Web 2.0, has allowed the creation of web-based applications, completely changing the nature of provisioning IT resources. “There is no installation, shipment, CD or download,” Bhargava says. “You just authorize access and authenticate. This trend is happening in parallel, globally in both commercial and government sectors, at the federal and state level.”
Cloud-based services offer agencies a fresh start, Hayden says. “In years past when you spent time making IT better for your agency, you were probably making it harder to communicate with other agencies. Now managers see this as a way to jump over cultural and technical barriers they created in the past. You don’t have to blow up what everyone has; you just build over it with applications offered as a service.”
When the subject of cloud computing surfaces, the question of cloud security is inevitable. As Hayden points out, a well-implemented cloud increases security. “First, you get rid of all the stragglers and one-off servers that create serious holes in your infrastructure that you don’t even know about. Then, you create economies of scale that allow you to put resources into security architectures and techniques that you couldn’t justify doing locally for each specific piece of infrastructure.”
Bhargava says that consolidation in software platforms yields significant security improvements as well. “One of our customers had 26 golden images of Linux, which is a lot to update, track vulnerabilities, and maintain with patches. By moving to cloud, we’ve reduced their count to five golden images. Some may still think that’s a lot, but they have a much smaller number of targets to assess and more consolidation is likely over time. So by going to cloud, they actually improved their security posture.”
McNabb says that agencies considering a move to cloud computing should pay particular attention to the service-level agreements for a given cloud solution. “Some SLAs are regional and apply to where you are in the world. You want to make sure the SLA for your solution is standard and specific to your agency and its mission,” he says.
CSC has developed a cloud solution specifically for the public market called BizCloud for Government. It is an on-premise, private cloud that is ready to deliver for production workloads in 10 weeks. This addresses the gap created between continuous new demands and the long procurements times of traditional IT. BizCloud gives agencies the same cloud economics as a public cloud in their data center, behind their firewall.
Hayden points out that a byproduct of the move to cloud-based infrastructure may be as important as any of the intended consequences. “This is a mulligan - a do-over for the intelligence community. We rushed into IT solutions 10 or 12 years ago to solve a very pressing national security crisis, but today we are living with the consequences of our haste. We should harvest those lessons and use that to inform how we build new architecture. Cloud gives us a chance to do just that.”