Employees at a pharmaceutical company went rogue using a cloud service provider to crunch clinical trials data, only for the CISO to discover later that the company was out of compliance because HIPAA data was potentially finding its way into some of the loads — and so he blocked HIPAA data from uploading.
"I'm sure they're not the only ones," says Jaime Barnett, vice president of marketing at Netskope, a cloud apps analytics company, who related the incident.
"IT can be like a company's general counsel." — Sanjay Castelino, Spiceworks
Business users at another company signed on with a cloud service provider without IT's knowledge and made the mistake of assigning one of their own as the sole admin — a single point of failure, in the parlance of the tech set. It's something IT would never have done or allowed. When the admin abruptly left the company, business users were forced to scramble.
Rogue Apps Can Bite the Business (and Users) in the ...
"Some things that come back to bite the business also come back to bite the users," says Sanjay Castelino, vice president of marketing at Spiceworks, a network for IT professionals, who related this incident.
If you think these horror stories are a rallying cry for CIOs to seek out and destroy rogue projects, they're not. These stories came out of this week's CITE Conference and Expo in San Francisco, specifically a breakout session entitled "Let Your Users Go Rogue Without Going Off the Range," where panelists, mostly marketing executives, argued that CIOs should help rogue projects be more successful.
In the age of cloud services and mobile apps, rogue projects are flourishing. Enterprises have an average of 461 cloud apps running in their organizations — nine to 10 times IT's estimate — according to Netskope's cloud report, which looked at billions of transactions across hundreds of thousands of users.
A whopping 85 percent of these apps aren't enterprise-ready even though many are business critical. Apps span everything from CRM to business intelligence to software development.
CIOs wanting to block these rogue cloud apps face an uphill battle.
"Blocking doesn't work, blocking breaks business process," Barnett says. "Ninety percent of usage is in blocked apps."
Why Cloud Vendors Should Befriend the CIO
Part of the problem is that the CIO is brought in late in the decision process, if at all. Many cloud service providers at the CITE Conference admitted to courting end users directly, thus bypassing the IT department's slew of security requirements, service-level agreements and other technical hurdles.
But cloud service providers and app makers can benefit greatly from a CIO, who can, for example, usher the rogue tech throughout a company. Speaking to CITE Conference attendees, Bret Taylor, CEO and co-founder of Quip, a mobile word processing app with built-in collaboration capabilities, says engineers at a company were using Quip without the CIO's knowledge. After the discovery, the CIO called Taylor, wanting to talk.