Why CIOs shouldn't block rogue Cloud apps

Why CIOs shouldn't block rogue Cloud apps

"Some things that come back to bite the business also come back to bite the users"

Employees at a pharmaceutical company went rogue using a Cloud service provider to crunch clinical trials data, only for the CISO to discover later that the company was out of compliance because HIPAA data was potentially finding its way into some of the loads and so he blocked HIPAA data from uploading.

"I'm sure they're not the only ones," says Jaime Barnett, vice-president of marketing at Netskope, a Cloud apps analytics company, who related the incident.

"IT can be like a company's general counsel." -- Sanjay Castelino, Spiceworks

Business users at another company signed on with a Cloud service provider without IT's knowledge and made the mistake of assigning one of their own as the sole admin -- a single point of failure, in the parlance of the tech set. It's something IT would never have done nor allowed. When the admin abruptly left the company, business users were forced to scramble.

Rogue Apps Can Bite the Business (and Users) in the ...

"Some things that come back to bite the business also come back to bite the users," says Sanjay Castelino, vice-president of marketing at Spiceworks, a network for IT professionals, who related this incident.

If you think these horror stories are a rallying cry for CIOs to seek out and destroy rogue projects, it's not. These stories came out of the CITE Conference and Expo in San Francisco, specifically at a breakout session entitled "Let Your Users Go Rogue Without Going Off the Range," where panelists made up mostly of marketing executives argued for CIOs tohelp rogue projects be more successful.

[Related: Even 'Rogue' Clouds Can Be Secured, Experts Say]

In the age of Cloud services and mobile apps, rogue projects are flourishing. Enterprises have an average 461 Cloud apps running in their organizations -- nine to 10 times IT's estimate -- according to Netskope's cloud report, which looked at billions of transactions across hundreds of thousands of users.

A whopping 85 percent of these apps aren't enterprise-ready even though many are business critical. Apps span everything from CRM to business intelligence to software development.

CIOs wanting to block these rogue Cloud apps face an uphill battle.

"Blocking doesn't work, blocking breaks business process," Barnett says. "Ninety percent of usage is in blocked apps."

Why Cloud Vendors Should Befriend the CIO

Part of the problem is that the CIO is brought late in the decision process, if at all. Many cloud service providers at the CITE Conference admitted to courting end users directly, thus bypassing the IT department's slew of security requirements, service-level agreements and other technical hurdles.

But cloud service providers and app makers can benefit greatly from a CIO, such as ushering the rogue tech throughout a company. Speaking to CITE Conference attendees, Bret Taylor, CEO and co-founder of Quip, a mobile word processing app with built-in collaboration capabilities, says engineers at a company were using Quip without the CIO's knowledge. After the discovery, the CIO called Taylor, wanting to talk.

"Quip went to 100 percent of the company in two weeks," Taylor says.

In addition to cloud service providers, line-of-business managers hesitate bringing in the CIO out of fear of being blocked. If CIOs can remove this fear, Barnett says Netskope's research shows business users are willing to work with the CIO to set and enforce policies. After all, they don't want to suffer the blowback from a rogue tech project that puts the company at risk.

[Related: CIOs Must Become Technology Consultants]

To this end, CIOs need to become more like internal consultants to the business, advising business leaders how to adopt a cloud service while still maintaining compliance and security. CIOs can act as a kind of cloud services broker playing a role in admin accounts, contract negotiations, user access rights and other technical details.

Spiceworks Castelino says CIOs can be pivotal in assessing and laying out the risk for each option and then letting the business user decide the course of action. While this wouldn't necessarily take liability off of the IT department, he says, the CIO can ward off trouble as a respected partner in the decision-making process.

"IT can be like a company's general counsel," Castelino says.

Tom Kaneshige covers Apple, BYOD and Consumerization of IT for Follow Tom on Twitter @kaneshige. Follow everything from on Twitter @CIOonline, Facebook, Google + and LinkedIn. Email Tom at

Read more about cloud computing in CIO's Cloud Computing Drilldown.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags CIO and rogue cloud appsrogue cloud appsSpiceworksCITEworld Conferencecloud securityTechnology TopicsLOB and cloud appscompliance and cloud appscloud computinginternetTechnology Topics | Cloud Computing



Educating from the epicentre - Why distributors are the pulse checkers of the channel

Educating from the epicentre - Why distributors are the pulse checkers of the channel

​As the channel changes and industry voices deepen, the need for clarity and insight heightens. Market misconceptions talk of an “under pressure” distribution space, with competitors in that fateful “race for relevance” across New Zealand. Amidst the cliched assumptions however, distribution is once again showing its strength, as a force to be listened to, rather than questioned. Traditionally, the role was born out of a need for vendors and resellers to find one another, acting as a bridge between the testing lab and the marketplace. Yet despite new technologies and business approaches shaking the channel to its very core, distributors remain tied to the epicentre - providing the voice of reason amidst a seismic industry shift. In looking across both sides of the vendor and partner fences, the middle concept of the three-tier chain remains centrally placed to understand the metrics of two differing worlds, as the continual pulse checkers of the local channel. This exclusive Reseller News Roundtable, in association with Dicker Data and rhipe, examined the pivotal role of distribution in understanding the health of the channel, educating from the epicentre as the market transforms at a rapid rate.

Educating from the epicentre - Why distributors are the pulse checkers of the channel
Kiwi channel reunites as After Hours kicks off 2017

Kiwi channel reunites as After Hours kicks off 2017

After Hours made a welcome return to the channel social calendar last night, with a bumper crowd of distributors, vendors and resellers descending on The Jefferson in Auckland to kickstart 2017. Photos by Maria Stefina.

Kiwi channel reunites as After Hours kicks off 2017
Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow Electronics introduced Tenable Network Security to local resellers in Sydney last week, officially launching the distributor's latest security partnership across Australia and New Zealand. Representing the first direct distribution agreement locally for Tenable specifically, the deal sees Arrow deliver security solutions directly to mid-market and enterprise channel partners on both sides of the Tasman.

Arrow exclusively introduces Tenable Network Security to A/NZ channel
Show Comments