As agencies modernize IT and adopt new technologies, IT leaders face new challenges in managing and monitoring their IT environment. To what degree do these technologies and trends really affect the control IT departments have over agency IT? SolarWinds commissioned Market Connections to conduct a market research study to find out. Specifically, the research focused on shadow IT, mobile device usage and shared services.
The survey reveals that as shadow IT and mobile device use continues to expand within federal IT environments, some IT pros lack control and confidence in their ability to manage the accompanying security risks. The survey also shows that organizations are overcoming their historic resistance to shared services.
Highlights of the findings:
Shadow IT seen as area of least leadership focus despite growing security consequences
Shadow IT comprises those IT systems and solutions built and used inside organizations without explicit organizational approval. Nearly six in 10 respondents (58 percent) expect the use of shadow IT to increase in the next two years, while only 12 percent indicate shadow IT is an area of high importance and leadership focus in their agency.
- Shadow IT ranks second among areas over which IT departments have least control in terms of management and monitoring.
- Only 13 percent of respondents are very confident in their ability to protect against the negative consequences of shadow IT.
- A majority of respondents (71 percent) indicate that security consequences are the biggest issue with shadow IT, followed by duplication of IT efforts (50 percent), lack of interoperability (37 percent) and lack of adequate performance monitoring (36 percent).
- Organizations using management and monitoring tools are significantly more confident than those who do not in their ability to protect against the negative consequences of shadow IT.
Lacking confidence in data protection persists even with agency control of mobile devices
Thirty-six percent of respondents indicate that only agency-owned mobile devices are allowed to access their systems. While 80 percent of respondents believe that mobile devices pose a threat to their agency’s security, 35 percent don’t provide security training for mobile device users.
- Only 25 percent of respondents are very confident in their agency’s ability to effectively protect their organization’s data.
- The majority of respondents utilize data encryption (65 percent), firewall rule audits (60 percent), mobile device wiping (55 percent), mobile application inventory and authorization (52 percent). and two-factor authentication to secure mobile devices (52 percent). However, 35 percent of respondent haven’t fully implemented any of these solutions.
- Respondents indicate that securing both the application and the device (43 percent) was the most challenging aspect of mobile technology security, followed by ensuring that devices are not infected by malware (37 percent) and that data is not accessed by unauthorized users (36 percent)
IT-shared services continue to gain traction in federal IT, delivering financial and performance benefits
Despite perceived concerns that IT shared services would compromise security, performance and control, more than half of respondents see them as beneficial to all agency stakeholders — including IT department personnel, end users, agency leadership and citizens/constituents.
- Respondents rated the key benefits of shared services as saving money by eliminating duplication (60 percent), achieving economies of scale (54 percent) and standardized IT services for consistent performance (52 percent).
- More than 80 percent believes that either an internal shared services model or an outsourced private partnership is most likely to provide superior customer service versus no shared services.
- The biggest widespread adoption barriers for shared services include cultural resistance to change (56 percent), perceived decreased flexibility (37 percent) and lack of executive buy-in (37 percent).
“Fully securing a federal IT environment will undoubtedly remain a key concern for IT pros, and as control issues creep in with shadow IT and the mass adoption of mobile devices, security is brought to the management forefront,” said Joel Dolisy, CIO and CTO, SolarWinds. “Agency leaders must not only provide their IT pros with the right tools to maintain control and security of their infrastructure, but remain flexible in considering operational and organizational changes such as IT shared services that can help institute agencywide security protocols and more.”
To learn more, download the full report.