Dec 07 2016

Businesses Face Security Issues Due to Decentralized IT, Survey Says

As IT purchases and management become more dispersed throughout organizations, cybersecurity issues are popping up, according to a VMware-sponsored survey.

The procurement and deployment of IT resources has been growing more decentralized over the last several years, according to a recent survey sponsored by VMware, and it is not a welcome trend among IT professionals and decision-makers. That’s largely because decentralized IT is more difficult to manage and creates security vulnerabilities inside an organization’s systems and networks.

According to the survey, 69 percent of respondents agreed that the management of IT has become increasingly decentralized in the past three years. Further, 57 percent said that decentralization has resulted in the purchasing of nonsecure solutions, suggesting that IT is not fully prepared for such a transition and that it could be causing more harm than good.

The survey, which was conducted by technology market research firm Vanson Bourne in August and September, targeted 3,300 people from 20 countries split across the Americas (24 percent), Asia-Pacific (39 percent), and Europe, the Middle East and Africa (36 percent). The respondents represented 20 industries with an average company revenue of $3.7 billion. Half of those surveyed were business users and half IT.

A Shift in IT Procurement

What is decentralized IT in the first place? Chloe Byrne, a project manager at Vanson Bourne, defines it this way: any employee within any business department in an organization, other than the IT department, making IT purchases or installing or maintaining software. It even covers instances when employees are using software without the involvement or approval of the IT department.

The shift toward the cloud is a contributing factor to decentralized IT, Byrne says, since it enables non-IT staff to purchase their own cloud IT more easily. The responsibility for procuring and managing IT has shifted away from IT departments, especially in larger organizations, as lines of businesses are now purchasing IT “as a service” to drive innovation within their respective domains.

While such shifts could lead to more innovation and take the burden off of IT, they also create a range of management, security and compliance issues. According to the survey, IT departments are not happy about the changes.

Fully 65 percent of IT respondents want IT to be more centralized, and 74 percent believe that the IT department should be responsible for enabling other lines of business to drive innovation.

Security Is a Key Concern with Decentralized IT

A downside of decentralized IT is that those making the IT purchases will not properly vet the solutions they are buying, and furthermore will not maintain them well enough.

The survey found that 57 percent agree decentralization has resulted in the purchasing of nonsecure solutions, and 60 percent agree decentralization results in applications being developed outside of corporate or government regulations. Additionally, 56 percent agree decentralization results in a lack of regulatory compliance with data protection.

According to Byrne, 58 percent of survey respondents say there is a lack of clear ownership and responsibility for IT. “This is despite the fact that the vast majority think that it is the IT department’s responsibility to manage the security of their organization’s applications and data,” she says. “But if a non-IT employee purchases IT without knowing how to ensure security for their organization’s data, they may be putting that data at risk: respondents say that decentralized IT has caused an increased vulnerability to hacking and cyberattacks.”

Overcoming Issues as IT Becomes More Diffused

Respondents from small and medium-sized businesses are less likely to say that decentralized IT causes a lack of clear ownership (and responsibility for IT) than those from larger organizations, Byrne says.

That makes sense, since smaller organizations are likely to have fewer employees willing or able to make large IT purchases. SMBs also likely have fewer IT purchases to make than larger firms, and the company’s management and IT leadership can more tightly control the IT spending that does occur.

However, Byrne says that “for most other challenges related to decentralized IT, it is a similar proportion of respondents saying that the challenges are happening in their organization. SMBs are still likely to be facing challenges due to decentralized IT.”

From a financial perspective, businesses are seeing an average increase of 5.7 percent on technology spending as a result of decentralization, according to the survey. Furthermore, 61 percent believe decentralization creates a duplication of IT spending across the organization. Meanwhile, 57 percent believe decentralization creates a lack of awareness of overall IT spending across the business. Byrne says that decentralization doesn’t necessarily mean that IT departments need to be back in full control (especially since there are benefits for giving control to non-IT departments).

Decentralized IT can cause a lack of awareness of company-wide spending on IT, and also means that some IT costs are duplicated within an organization, Byrne notes. At the same time, decentralized IT can allow organizations to innovate more quickly, launch new products and services in a shorter amount of time, respond more quickly to market changes, and even improve employee satisfaction.

However, she says “organizations need to educate their employees in all departments so that they understand the risks of non-IT staff purchasing and managing IT. Non-IT employees should keep the IT department in the loop when they do make IT purchases, so that the IT department can ensure the security of the organization’s data.”