How To Work With Shadow IT and Keep DevOps Happy

Most commonly referred to as IT (Information Technology) behind IT’s back, Shadow IT is common. Many of us use Shadow IT without knowing or understanding the risks. For instance, if you have sent files to friends, colleagues, or customers using Dropbox, Sharefile, etc., and don’t have an enterprise-provided account for them, you’ve used Shadow IT. If you ever used personal public cloud accounts to test your applications, you would be considered a Shadow IT practitioner.

Convenience and productivity are often the drivers for adopting Shadow IT. Employees deploy solutions that their IT departments do not approve. Often the reasoning is that using the traditional route for approvals is too complicated or time-consuming.

The Upside of Shadow IT Revealed highlights some interesting points:

  • 21% of organizations don’t have any policies surrounding the use of new technology
  • 77% of IT pros agree that Shadow IT will become a bigger issue at their company by 2025
  • 40% of IT pros admit to using unapproved tech themselves despite the risks

When development teams choose unsupported cloud infrastructure without IT involvement, the network team loses visibility and security. Also, cost control for the application service levels goes unaccounted for once the developed application goes live.

The objective of gaining visibility and control over Shadow IT is not to block agile development and use of innovative services but to have a controlled environment, which gives the organization the best of both DevOps and IT – that is, to keep a secure and controlled environment while enabling agility.

The new paradigm of DevOps as the center of the application universe requires infrastructure to secure and scale applications across multiple environments in a way that does not require developers to deal with security and networking complexity nor have to wait weeks for provisioning. The needs for the infrastructure touches many constituencies (an IT administrator, an application developer, DevOps, tenants, and the person responsible for the costs).

However, with all the risks, Shadow IT is here to stay due to the benefits it brings to the organization in productivity, innovation, and deployment time. So, IT needs to enable the enterprise to adopt the best aspects of Shadow IT while reducing the downside and risks.

[You may also like: 4 Reasons Why Application Delivery is Critical to DevOps]

What IT Departments Can Do to Address Security Concerns

IT needs to provide visibility and control of shadow IT applications to address cost, security, availability, and disaster recovery concerns for the enterprise. Gaining visibility and control requires addressing the key needs of those adopting Shadow IT. Vetting, enabling, and adopting new, easy-to-deploy off-the-shelf applications and services along with investments in self-service, orchestration, and automation all address one of the core reasons for adopting Shadow IT – complicated and time-consuming provisioning.

The preferred solution for DevOps and NetOps to secure applications across all supported environments must address the following:

  • Seamlessly integrate with DevOps automation tools of choice such as Ansible
  • Simplify administration and remove requirements for networking and security expertise
  • Execute complex and tedious tasks with personalized automation and self-service wizards
  • Allow centralized management to enable quick and easy deployment & configuration self-service across multiple cloud and on-premise environments
  • Provide insightful and actionable reports for NetOps, DevOps, and SecOps to stay on top of the end-to-end application availability and security status
  • Allow automated licensing to allow ease of deployment in any environment, for any app security service capacity, with seamless scale up or down.

[You may also like: Agile, DevOps and Load Balancers: Evolution of Network Operations]

For enterprises with Shadow IT, there are several ways to address security and disaster recovery concerns. One way is to ensure security and scalability are a part of IT’s self-service, orchestration, and automation systems; do not require additional effort from those driving adoptions of Shadow IT applications and services.

Download The State of Web Application and API Protection to learn more.

Download Now

Prakash Sinha

Prakash Sinha is a technology executive and evangelist for Radware and brings over 29 years of experience in strategy, product management, product marketing and engineering. Prakash has been a part of executive teams of four software and network infrastructure startups, all of which were acquired. Before Radware, Prakash led product management for Citrix NetScaler and was instrumental in introducing multi-tenant and virtualized NetScaler product lines to market. Prior to Citrix, Prakash held leadership positions in architecture, engineering, and product management at leading technology companies such as Cisco, Informatica, and Tandem Computers. Prakash holds a Bachelor in Electrical Engineering from BIT, Mesra and an MBA from Haas School of Business at UC Berkeley.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program


An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

What is WAF?
What is DDoS?
Bot Detection
ARP Spoofing

Get Social

Connect with experts and join the conversation about Radware technologies.

Security Research Center