Gartner predicts that nearly one-third of IT spending will go to support “shadow IT” use cases. Shadow IT is basically any purchase of equipment, software or data center resources for uses other than production IT. These purchases are typically outside of the CIO budget.
One-third is a big number, and this number is not expected to drop at all in the next five years. In fact, I predict it will go up because many CIOs are just not providing the resources and support that other groups in the company need. Now that it is relatively easy to move applications to the cloud or to hosted data centers, other groups outside of IT are simply taking matters into their own hands.
What are the use cases that are driving shadow IT? They are many, but the primary ones are all lab related. Traditionally, many companies have development and testing labs that are not managed by IT. Even as many of these labs implement DevOps principles to provide a continuous process from development all the way to production IT, they are mostly implementing these new techniques outside of production IT.
Several use cases for Shadow IT
New use cases are proliferating for Shadow IT as organizations respond to new demands from customers, partners and regulatory agencies. One important example is security testing. More industries are investing in security and cyber testing, including government labs that use a special form of security testing called “cyber ranges.” This approach requires a lab with equipment that is set up and configured to exactly mimic the production configuration. For example, without this testing, many financial-services firms will not deploy any new applications or infrastructure into production for fear of failing to meet their legal-compliance and privacy requirements.
The use of shadow IT is also growing in other line-of-business activities in many organizations, such as sales enablement. Performing demos and proofs of concept for customers has long been the responsibility of the sales organization in most companies. The labs where this work is done almost always fall outside of IT’s control and budget. As hosted data centers and web-based remote access become prevalent, more companies are abandoning demos and proofs of concept at customer sites and are instead centralizing those resources into data centers that customers and sales teams can remotely access, often using self-service.
Over the last two years, we have seen a big movement toward doing these activities at resellers and integrators and/or by building a lab at a hosted data center to house the equipment and software. Sometimes these demos and proofs of concept can run using a public cloud, but often they can’t because the customer really wants to configure the demo or POC to mimic their own internal or hybrid configurations as closely as possible.
Another growing use of shadow IT is for partner enablement. In many industries, partner ecosystems around products are critical to long-term success. With software-defined infrastructure, partner ecosystems are even more prevalent, as any software or infrastructure is designed to be easily integrated with and controlled by outside tools.
As the major computer hardware and software vendors embrace this approach to the market, pioneered by companies like Salesforce and others, they develop partner labs where these ecosystem partners can easily access and develop or certify against their equipment and interfaces, preferably without the requirement to invest heavily in purchasing any of it. Salesforce does so with force.com and Cisco does it with Cisco Devnet, its platform for ISV partners. Although some development can be done in public clouds, much of it requires direct access either to physical hardware or to a hybrid configuration.
What do all of these use cases have in common that keeps them from being supported by production-IT departments? Simply put, they need to allow their users to mimic different configurations on common equipment while simultaneously using that equipment.
Production data centers try to do the opposite. They provide only one underlying hardware and software configuration, forcing all users to access that configuration through a virtual interface. Although this approach is ideal for production-IT uses, it is not ideal for all of these other use cases. These use cases really need to be in a lab environment where each user (whether internal or external) gets sandboxes to work in—whether for development, testing, security certification or demos.
Until production IT changes its approach, these use cases will continue to fall outside of IT. And since these types of use cases are getting more prevalent, shadow IT will continue to be a growing market. The good news for data center managers is that since these shadow IT use cases are not run by people who can build and operate their own infrastructure, they will also be a boon for hosted third-party data centers.