Archive

Archive for the ‘Corporate’ Category

What are Rogue Clouds?

January 22, 2013 1 comment

 

Scanning though my inbox today I saw a very interesting article/survey from Symantec on the formation of rogue clouds such as the use of drop box within an organization which has inspired a quick blog about it and dovetails nicely into an earlier post about the problem of shadow IT – What is Shadow IT ?

http://www.freedigitalphotos.netRouge Cloud Definition

“Rogue cloud is defined as business groups that offer public cloud applications which are not managed by or integrated into a company’s IT infrastructure.”

What is so bad about a Rouge Cloud in your infrastructure?

Lack of security over company information – You spend time and resources on providing a secure location for your information to be contained on (File Servers) with the use of VPN’s for remote connections, The best firewall’s that accounts will let you buy and policy’s for password length and complexity and your user base create a drop box account with a password of “password” and place business sensitive documents for working on at home.

Backing up and recovering data on that rouge cloud – You will spend hours designing and implementing a backup solution that stores business information which can be recalled with minimal effort and risk but when your user base transfer there documents to their rouge cloud all of that goes out the window and your left having to tell a user that you cannot recover that important document they spent all night working on because it’s not part of your network.

Unexpected outages and no agreed SLA (service level agreements) on availability – When working in IT you understand that when dealing

with vendors that look after critical business infrastructure  you really need to have an agreed (SLA) or backup plan in case of unexpected outages.

This however is not a big concern when you customer signs a cloud agreement and will complain at you about a bad internet connection when they are unable to access their cloud provider and does not grasp the concept that the service can be down and that you do not know when it will be back.

What can the IT department do about it?

Unlock KeyYou could use policy either though general corporate policy or IT policy to ban the use of the cloud, it would in fact makes it harder to locate and integrate with your corporate infrastructure and makes the IT department look like the bad guys and the department will still be blamed when the user cannot get to data or lost access to the data.

Do some root cause analysis to find out why there is an active rogue cloud within the organisation, is it because the IT department is moving too slowly for other departments or not providing the correct tools for that department.

Does your department have a clear message to upper management about the issues around using cloud’s and the issues connected with rouge clouds, Has the department been dragging their feet on the idea/adaption of a cloud based system ?

Dealing with this rogue cloud could involve IT department fostering relationships (Partnerships) with the business groups using the rogue cloud and becoming a trusted advisor rather than an adversary in a cloud based system.

Categories: Corporate, Technology

What is Shadow IT ?

January 15, 2013 Leave a comment

This is a quick Blog/Rant after a quick meeting with some of my user base after the migration of one of one their ops server to a virtualised server and stumbling across there shadow IT and am now in the process of (additional time and resources) moving that across as well which inspired me to create  a quick blog.

Question

Shadow IT Definition

“Shadow IT refers to the use of technology inside an organisation without the formal approval of the IT department. It ranges from the minor, such as unauthorised device usage, to the major: entire enterprise IT systems that can be funded and developed by business units or departments without the knowledge of the central IT team”

What is so bad about shadow IT?

Software asset management (SAM) is a big enough challenge when only the IT department is looking after the procurement of software licenses (Not including BYOD), But when the other departments procure without the IT department involvement software asset management is no longer possible and is a real headache come audit time of the infrastructure.

 Support of non-procured equipment (NPE) You answer a helpdesk ticket and discover that your customer is trying to install a NPE on to a corporate PC; this would normally result in to call to IT department manager who has a word with the customer’s manager and then your manager tells you to install it anyway this results in slew of helpdesk tickets as you try to get it to work with corporate infrastructure.

Lack of testing and change control is also another headache where new devices or applications appear without guidance from the IT Department, which results in the change and release management processes are missed and the impact on other of parts of the infrastructure are missed when planning works or updates (for example the moving of a physical ops server to a virtualised server)

What can the IT department do about it?

Building Blocks

You could use policy either though general corporate policy or IT policy to ban the use of non-approved equipment and software, it would in fact makes it harder to locate and integrate with your corporate infrastructure and makes the IT department look like the bad guys.

Do some root cause analysis to find out why shadow IT is active within the organisation, is it because the IT department is moving too slowly for other departments or is the IT department is seen as the Department of NO ?

Does your department have a clear roadmap for future showing what the department has planned and better still do upper management know that you have a roadmap?

Can the IT department be changed from a “we support everything and build everything” to “here’s how you build and support it” by fostering relationships (Partnerships) with the other departments the IT Department could be changed to become a trusted advisor rather than an adversary and share a common framework.

Categories: Corporate, Technology
raspberrypicloud

The University of Glasgow's Raspberry Pi Project

Tech-o-rama

Your all round solution for tech problems (and some others things...like spelling errors)

thedomesticfringe.com/

telling stories - making memories

Raspberry Pi Kid

A 14-year old's adventures with Raspberry Pi

Naked Security

Computer Security News, Advice and Research

Grumpy IT Girl

I'm not a very good writer

Dustin Software

Because programming is fun!

Pinoy Tekkie

USER-FRIENDLY TECHNOLOGIES FOR THE PINOY NOOBIES

petRockBlog

Fun stuff for technics enthusiasts

I Kissed My Date Goodnight

A single thirty-something embarking on motherhood through the miracle of adoption.

projectz

Tech, Gadgets, Photography, Social Media and Poor Spelling

Programming My Rasberry Pi

A brave fool's adventures into the unknown!

Chris Ainger's Blog

Where Fishing Meets Computing

PIPAL

Information wants to be free

ITtechExec: Protecting Tech Careers Since 2001

Technical Career Advancement: Transformed. Guaranteed.

CRUNCHEDD

Entertainment, Technology, Social Media Updates from in Between the Web…

StartupTunes

An Exclusive Web 2.0 Startups Review Blog

The Life of Me

Just another IT blog

NJrajgelani

The Best Place for Deziners

%d bloggers like this: