What steps can CIOs take to neutralize cloud shadow IT?

In today's service provider-saturated digital ecosystem, business users' desire for increased agility and autonomy can often lead them to bypass central IT when choosing cloud providers. Unfortunately, many of those cloud shadow IT projects are not scalable and expose the organization to indeterminate risks, said Marco Meinardi, research director at Gartner.

Some organizations address the issue of cloud shadow IT by taking measures to deny end-user access to cloud services. A client recently told Meinardi that they've gone so far as to block access on their firewall to all Amazon.com IP addresses. Other organizations apply their standard governance and intermediation processes to new cloud environments, often using the cloud just like another data center to simply provide compute, storage and network. Neither are effective approaches, according to Meinardi.

"Organizations that have been successful at neutralizing shadow IT have focused on enabling end users to achieve their goals while preserving the ability to enforce governance principles," he wrote in a blog post on what he dubbed "self-service enablement."

The idea is to offer an official pathway to the cloud. "To accomplish that, [IT organizations] have rethought their operational and governance models and they've become brokers of externally sourced IT services."

At Gartner Catalyst Conference 2018, we sat down with Meinardi to discuss public cloud self-service enablement approaches that can help neutralize cloud shadow IT projects.

Editor's note: The following transcript has been edited for clarity and length.

What public cloud self-service enablement approaches can help neutralize cloud shadow IT projects?

Marco Meinardi: First and foremost, I wanted to say that self-service enablement is key to neutralize the phenomenon known as shadow IT. [Cloud shadow IT projects] are still a reality, although less and less because a lot of these initiatives are surfacing, and CIOs and IT departments are aware that they're happening. If you give users an official pathway to access cloud services, they will use it -- as long as it doesn't produce too many constraints on what they want to accomplish.

There are several approaches for self-service enablement and governance. [IT organizations] can start from basic provisioning of individual resources, like publishing virtual machines on a catalog. That's what we were doing in data centers -- providing virtual servers.

They can also be more evolved and provide templates that can automate and standardize environments of applications. Or [these approaches can be] much more innovative, like standardizing and allowing access to public cloud providers so that users can access the Amazon Console, the Amazon API and the [Microsoft] Azure API directly, while IT just focuses on enablement by configuring guardrails and defining the degree of freedom that users can enjoy within these guardrails. [This allows business users to] be more agile and be faster in their decision-making. At the same time, IT can enforce governance and compliance.