In a lot of ways, this reminds me of the 90's when departments went wild with building their own data centers and IT capabilities. In a lot of cases, that resulted in higher costs, security vulnerabilities, and poor integration, Olds said.
When IT is left out, its personnel has no idea how secure the clouds are or exactly where the information is being stored. It also means IT can't negotiate the best deal -- one that could encompass many different departments or data stores.
Best case, organizations might end up spending more on cloud services than they would if they mounted the service on systems the data center already owns, said Olds. Worst case, the organization could find that critical data is now outside their firewall and perhaps could be accessed by folks who shouldn't be able to see it.
Since analysts doubt IT can stop businesses from bypassing them on a whole-scale level, they say the tech execs need to set up strong cloud governance policies.
Its not really acceptable for IT to say no when someone wants to use the cloud, said Leong. They need to set up service agreements with approved providers and set up controls for how secure information needs to be. How do they provide risk management? How do they make this work instead of just saying, You cant do this.
Every time we take a step further into the information age, its unprotected, said Kagan. IT says theyre swamped just keeping everyone connected. They dont really have the time to proactively protect against future threats. They have to make the time.