![\"Microsoft](\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2021\/10\/ms-digital-stories-300x122.png\")
You don\u2019t know what you don\u2019t know. In the world of IT, illuminating those hidden areas helps stave off nasty surprises.<\/p>\nYou don\u2019t know what you don\u2019t know. In the world of IT, illuminating those hidden areas helps stave off nasty surprises.<\/p>\n
When elements of IT infrastructure are shrouded in mystery, it can lead to security vulnerabilities, non-compliance, and poor budget management. That\u2019s the trouble with shadow IT\u2014a term for any technical infrastructure that conventional IT teams and engineers don\u2019t govern.<\/p>\n
At Microsoft, we\u2019re on a journey to increase our shadow IT maturity, resulting in fewer vulnerabilities and increased efficiencies. To get there, we\u2019re leveraging tools and techniques we\u2019ve developed through our core discipline of Microsoft Azure optimization.<\/p>\n
[<\/em>See how we\u2019re doing more with less internally at Microsoft with Microsoft Azure.<\/em><\/a> Learn how we\u2019re transforming our internal Microsoft Azure spend forecasting.<\/em><\/a>]<\/em><\/p>\n Shadow IT is the set of applications, services, and infrastructure that teams develop and manage outside of defined company standards.<\/p>\n It typically crops up when engineering teams are unable to support their non-engineering partners. That situation may arise from a lack of available engineering capacity or the need for specialized domain solutions. On top of those circumstances, modern tools enable citizen developers to stand up low-code\/no-code solutions that enable businesses to reduce their dependency on traditional engineering organizations.<\/p>\n Six corporate function teams have been involved in creating shadow IT environments: business development, legal, finance, human resources, and our consumer and commercial marketing and sales organizations.<\/p>\n Many of the solutions they\u2019ve developed make strong business sense\u2014as long as they\u2019re secure and efficient. That\u2019s where our Microsoft Digital (MSD) team comes in.<\/p>\n Three years ago, our biggest driver was getting visibility into the shadow IT estate and finding ways to secure it. Now we\u2019re at a point where we\u2019re looking for cost savings\u2014that\u2019s a natural progression.<\/p>\n \u2014Myron Wan, principal product manager, Infrastructure and Engineering Services team<\/p>\n<\/blockquote>\n Over the last few years<\/a>, our IT experts have been working with the shadow IT divisions to increase the maturity of the solutions they\u2019ve developed, taking them from unsanctioned toolsets lurking in the shadows to well-governed, compliant, and secure assets they can safely use to advance our business goals.<\/p>\n Now that these shadow IT solutions are more secure and compliant, we\u2019ve turned our attention to efficiency and optimization to ensure we\u2019re able to do as much as possible with the least necessary budget expenditure.<\/p>\n \u201cThree years ago, our biggest driver was getting visibility into the shadow IT estate and finding ways to secure it,\u201d says Myron Wan, principal product manager within the Infrastructure and Engineering Services (IES) team. \u201cNow we\u2019re at a point where we\u2019re looking for cost savings\u2014that\u2019s a natural progression.\u201d<\/p>\n Because many of our shadow IT solutions leverage Microsoft Azure subscriptions, that was a natural place to start the optimization work.<\/p>\n Fortunately, we have robust discipline around optimizing Microsoft Azure spend in conventional IT and engineering settings. Microsoft Azure Advisor<\/a>, available through the Microsoft Azure Portal, has been providing optimization recommendations and identifying overspend for subscribers both within Microsoft and in our customers\u2019 organizations for years.<\/p>\n The plan was to take applicable recommendations that we use in our core engineering organizations and distribute them to the shadow IT divisions.<\/p>\n \u2014Trey Morgan, principal product manager, MSD FinOps<\/p>\n<\/blockquote>\n Internally, we\u2019ve added layers that help streamline the optimization process. One, called CloudFit, draws from a library of optimization recommendations, which are tailored to the specific needs of the teams we support. Then we use Service 360, our internal notification center that flags actions in need of addressing for our engineering teams, to route those recommendations to subscription owners within MSD, product groups, and business groups.<\/p>\n Optimization tickets then enter their queue and progress through open, active, and resolved statuses. It\u2019s a standard method for creating and prioritizing engineering tasks, and Microsoft customers could accomplish a similar result by building a bridge between Microsoft Azure Advisor and their own ticketing tool, whether that\u2019s Jira, ServiceNow, or others.<\/p>\n \u201cWe have an existing set of cost optimization recommendations that we use for a variety of different technologies like Azure Cosmos DB and SQL,\u201d says Trey Morgan, principal product manager for MSD FinOps. \u201cThe plan was to take applicable recommendations that we use in our core engineering organizations and distribute them to the shadow IT divisions.\u201d<\/p>\n Getting there was a matter of establishing visibility and building culture.<\/p>\n Many of the optimization issues within shadow IT divisions came about because of non-engineers\u2019 and non-developers\u2019 unfamiliarity or lack of training with subscription-based software. They might not have the background or expertise to set them up or even ensure that their subscriptions would terminate after they had served their purpose.<\/p>\n In some cases, vendors or contractors may have set up processes and then moved on once their engagement was complete. Each of these scenarios had the potential for suboptimal Azure spend.<\/p>\n Providing visibility into these issues was relatively simple. Because all Microsoft Azure subscriptions across our organization are searchable through our company-wide inventory management system and sortable by department, engineers were able to locate all the subscriptions belonging to shadow IT divisions. From there, they simply had to apply CloudFit recommendations to those subscriptions and loop them through Service 360.<\/p>\n Our people now have the information they need to act\u2014our organizational leaders can visit their Service 360 dashboard or can review their action summary report to see what they can do to cut their costs. That\u2019s where culture and education came into the equation.<\/p>\n \u201cCulture is always the number-one challenge when items aren\u2019t actually owned by a core engineering team,\u201d Wan says. \u201cWhen you have teams that are more about generating revenue or managing corporate processes, a lot of what we have to deal with is education.\u201d<\/p>\n It wasn\u2019t just educating teams about Microsoft Azure optimization techniques. CloudFit and Service 360 provided a lot of the guidance those teams would need to get the job done. To a great degree, non-engineering employees needed to build the discipline of receiving and resolving tickets like a developer or engineer would.<\/p>\n But through direct communications from FinOps tools and support from Wan\u2019s colleagues in engineering, we\u2019ve been meeting our goal of optimizing Azure spend in shadow IT divisions. In the first six months of this solution\u2019s availability, we\u2019ve saved $1 million thanks to various optimizations.<\/p>\n Shadow IT will always exist in some form or another, so this journey isn\u2019t just about remedying past inefficiencies. It\u2019s also about building a culture of optimization and best practices across shadow IT divisions as they use their Microsoft Azure subscriptions moving forward.<\/p>\n With these solutions and practices in place, we\u2019ve moved on from a “get clean” and “stay clean” culture to one where we “start clean.\u201d<\/p>\n \u2014Qingsu Wu, principal program manager, IES<\/p>\n<\/blockquote>\n \u201cAs we get more mature and divisions build up their muscles, we\u2019re actually getting to an ongoing state of optimization,\u201d says Feng Liu, principal product manager with IES. \u201cAs we build up that culture and that practice, folks are becoming more aware and taking more ownership and accountability.\u201d<\/p>\n Some shadow IT divisions are even going beyond FinOps recommendations. For example, our commercial sales and marketing organization uses shadow IT solutions so extensively and is so keen to optimize their budget that they\u2019ve automated the implementation of recommendations and created their own internal FinOps team.<\/p>\n \u201cThe whole vision of our shadow IT program is helping business teams to be self-accountable and sustainable,\u201d says Qingsu Wu, principal program manager for the Infrastructure and Engineering Services (IES) team. \u201cWith these solutions and practices in place, we\u2019ve moved on from a \u2018get clean\u2019 and \u2018stay clean\u2019 culture to one where we \u2018start clean.\u2019\u201d<\/p>\n It\u2019s all part of building a more effective culture and practice to do more with less.<\/p>\n You don\u2019t know what you don\u2019t know. In the world of IT, illuminating those hidden areas helps stave off nasty surprises. When elements of IT infrastructure are shrouded in mystery, it can lead to security vulnerabilities, non-compliance, and poor budget management. That\u2019s the trouble with shadow IT\u2014a term for any technical infrastructure that conventional IT […]<\/p>\n","protected":false},"author":21,"featured_media":11269,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"_hide_featured_on_single":false,"_show_featured_caption_on_single":true,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[1],"tags":[680,89,115],"coauthors":[138],"class_list":["post-11267","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-cloud-transformation","tag-digital-transformation","tag-microsoft-azure","program-ms-digital-stories","m-blog-post"],"jetpack_publicize_connections":[],"yoast_head":"\nThe challenges of shadow IT<\/strong><\/h2>\n
![\"The](\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/06\/10575_image002.png\")
Azure best practices, shadow IT efficiency<\/h2>\n
![\"Morgan](\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/06\/10475_image001-215x300.jpg\")
Shining a light on shadow IT spend<\/h2>\n
Microsoft Azure savings and organizational discipline<\/h2>\n
![\"Key](\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2021\/10\/key-takeaways-300x74.png\")
<\/p>\n\n
![\"Related](\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2021\/10\/related_links-300x81.png\")
<\/p>\n\n