IT ‘Sprawl’ Spawning Security Gaps, Survey Finds
The steady shift toward purchasing IT "as a service" is accelerating the decentralization of infrastructure management, fostering growing security concerns as more enterprises shift operations to the cloud, according to study commissioned by VMware Inc.
The company (NYSE: VMW) pointed to growing concerns about IT fragmentation and the resulting security gaps to pitch its "cross-cloud architecture" designed to help manage emerging multi-cloud strategies. Based on those concerns, the virtualization vendor argued the IT managers aren't keeping up with the shift to the cloud, and that the embrace of "non-secure solutions" is creating new security and compliance issues.
The VMware survey found that 69 percent of respondents believe that IT management has become more decentralized over the past three years, with a majority (57 percent) agreeing that has led to purchases of non-secure cloud and other IT services. A roughly equal percentage of those polled said decentralization results in development of non-compliant applications, including compliance with data protection regulations.
Long-term IT cost savings along with greater efficiency and flexibility is driving the shift to the cloud. Indeed, the VMware study found businesses are on average spending 5.7 percent more on IT infrastructure, including new applications and "authorizing devices." Nevertheless, the survey's authors note that 61 percent of respondents said decentralization has fostered duplication of IT resources across organizations.
"This new dynamic, where business leaders go around the IT department to purchase technology, is fragmenting standards and increasing cost, complexity and risk to the firm," VMware asserted in a commentary on the survey results. "IT decentralization has increased vulnerability to cyber attacks, and the IT department—despite its lack of control over the purchasing, implementation and proliferation of technology across the enterprise—is still typically held responsible for security."
Nevertheless, another VMware study released in August also found that business users are gaining the upper hand on IT purchases while IT managers must deal with the security implications. Nearly two-thirds of respondents said business units are authorizing new devices for employees while 56 percent cited the purchase of third-party applications and just under half highlighted a shift in internal application development.
"Business users are taking control of a broad range of technologies—from devices to cloud to apps," the survey stressed. Ultimately, that shift is increasing IT costs and increasing security vulnerabilities, two-thirds of IT managers agreed.
"IT leaders are increasingly responsible for managing tech sprawl and have a reputation for supporting a 'culture of no' in an effort to make the organization secure and manageable," the survey commentary concluded. "However, business demands and technology adoption trends make it extremely difficult for IT to keep pace with" business units.
Among the proposed solutions to IT sprawl are network virtualization frameworks such as VMware's NSX platform. The network virtualization platform is designed to extend datacenter security to the cloud while tightening network security as enterprises adopt multi-cloud strategies.