Shadow IT Expanding Within Federal IT Environments
August 07, 2015

Joel Dolisy
SolarWinds

Share this

Shadow IT and mobile device use continues to expand within federal IT environments, while some IT pros lack control and confidence in their ability to manage the accompanying security risks, according to a SolarWinds survey on the current state of government IT management and monitoring. The survey also found that adoption and benefits of IT shared services are overcoming organizational resistance.

Not Enough Leadership Focus on Shadow IT

While only 12 percent of respondents indicated that shadow IT — when IT systems and solutions are built and used inside organizations without explicit organizational approval — is an area of high importance and leadership focus in their agency, nearly six in ten (58%) expect the use of shadow IT to increase in the next two years.

■ Shadow IT ranked second among areas that IT departments have least control over in terms of management and monitoring

■ Only 13 percent of respondents are very confident in their ability to protect against the negative consequences of shadow IT

■ A majority of respondents (71%) indicate that security consequences are the biggest issue with shadow IT, followed by duplication of IT efforts (50%), lack of interoperability (37%) and lack of adequate performance monitoring (36%)

■ Organizations using management and monitoring tools are significantly more confident than those who do not in their ability to protect against the negative consequences of shadow IT

Low Confidence in Data Protection Persists

Thirty-six percent of respondents indicate that only agency-owned mobile devices are allowed to access to their systems, but 80 percent of respondents still believe that mobile devices pose a threat to their agency’s security and 35 percent don’t provide security training for mobile device users.

■ Only 25 percent of respondents are very confident in their agency’s ability to effectively protect their organization’s data

■ The majority of respondents utilize data encryption (65%), firewall rule audits (60%), mobile device wiping (55%), mobile application inventory and authorization (52%), and two-factor authentication to secure mobile devices (52%), but at least 35 percent of respondent haven’t fully implemented any of these solutions

■ Respondents indicated that securing both the application and the device (43%) was the most challenging aspect of mobile technology security followed by ensuring devices are not infected by malware (37%) and that data is not accessed by unauthorized users (36%)

IT Shared Services Gain Traction and Deliver Benefits

Despite perceived concerns that IT shared services would compromise security, performance and control, more than half of respondents see them as beneficial to all agency stakeholders, including IT department personnel, end users, agency leadership and citizens/constituents .

■ Respondents rated the key benefits of shared services as saving money by eliminating duplication (60%), achieving economies of scale (54%) and standardized IT services for consistent performance (52%)

■ More than 80 percent believe that either an internal shared services model or an outsourced private partnership is most likely to provide superior customer service versus no shared services

■ The biggest widespread adoption barriers for shared services include cultural resistance to change (56%), perceived decreased flexibility (37%) and lack of executive buy-in (37%)

Fully securing a federal IT environment will undoubtedly remain a key concern for IT pros, and as control issues creep in with shadow IT and the mass adoption of mobile devices, security is brought to the management forefront. Agency leaders must not only provide their IT pros with the right tools to maintain control and security of their infrastructure, but remain flexible in considering operational and organizational changes like IT shared services that can help institute agency-wide security protocols and more.

“SolarWinds’ study provides detailed insight into how federal IT pros are adapting, managing and assuring oversight as shadow IT, mobile technology and shared services continue to grow in their environments,” concludes Laurie Morrow, Director of Research Services, Market Connections, Inc. “This research reinforces that fully implementing multiple management, monitoring and security tools provides significantly more control and confidence throughout IT organizations in the wake of this change.”

Joel Dolisy is CIO and CTO at SolarWinds.

Share this

The Latest

November 20, 2017

When you say "DevOps" one of the first words that comes to mind is "collaboration." But exactly how do we make this collaboration happen? This epic DEVOPSdigest list – posted in 7 parts – intends to find the answer. DEVOPSdigest asked experts from across the industry for their opinions on the best way to foster collaboration between Dev and Ops ...

November 17, 2017

Just in time for the holiday shopping season, APMdigest asked experts from across the industry for their opinions on the best way to measure eCommerce performance, in terms of applications, networks and infrastructure. Part 3, the final installment, covers the customer journey ...

November 16, 2017

Just in time for the holiday shopping season, APMdigest asked experts from across the industry for their opinions on the best way to measure eCommerce performance, in terms of applications, networks and infrastructure. Part 2 covers APM and monitoring ...

November 15, 2017

As the holiday shopping season looms ahead, and online sales are positioned to challenge or even beat in-store purchases, eCommerce is on the minds of many decision makers. To help organizations decide how to gauge their eCommerce success, APMdigest compiled a list of expert opinions on the best way to measure eCommerce performance ...

November 14, 2017

More than 90 percent of respondents are concerned about data and application security in public clouds while nearly 60 percent of respondents reported that public cloud environments make it more difficult to obtain visibility into data traffic, according to a new Cloud Security survey ...

November 13, 2017

Today's technology advances have enabled end-users to operate more efficiently, and for businesses to more easily interact with customers and gather and store huge amounts of data that previously would be impossible to collect. In kind, IT departments can also collect valuable telemetry from their distributed enterprise devices to allow for many of the same benefits. But now that all this data is within reach, how can organizations make sense of it all? ...

November 09, 2017

CIOs trying to lead digital transformation at the speed needed to succeed need a mix of three scale accelerators, according to Gartner, Inc. The three scale accelerators include: digital dexterity, network effect technologies, and an industrialized digital platform ...

November 08, 2017

While the majority of IT practitioners in the UK believe their organization is equipped to support digital services, over half of them also say they face consumer-impacting incidents at least one or more times a week, sometimes costing their organizations millions in lost revenue for every hour that an application is down, according to PagerDuty's State of Digital Operations Report: United Kingdom ...

November 07, 2017

Today's IT is under considerable pressure to remain agile, responsive and scalable to meet the changing needs of business. IT infrastructure can't become a bottleneck, it must be the enabler. But as new paradigms, such as DevOps, are adopted, data center complexity increases and infrastructure constraints can block the ability to achieve these goals ...

November 06, 2017

It's 3:47am. You and the rest of the Ops team have been summoned from your peaceful slumber to mitigate an application delivery outage. Your mind races as you switch to problem solving mode. It's time to start thinking about how to make this mitigation FUN! ...