AWS takes on shadow IT with customizable software marketplace
Amazon Web Services customers can customize a version of the AWS Marketplace for employees to find pre-approved software products, the company announced at its annual re:Invent conference Tuesday.
The AWS Marketplace already serves as a digital catalog of third-party software solutions but the private marketplaces will allow customers to better yield products that fit regulatory compliance and company policies, according to the announcement.
In addition to a private marketplace, AWS customers using Elastic Container Services (ECS) and ECS for Kubernetes can also choose from 160 trusted container products from third-party vendors to support an individual company's container needs, according to a company announcement.
Now that AWS customers can customize AWS Marketplace catalogs, companies have less to fear over shadow IT.
Employees often take the liberty of downloading and implementing software without permission from IT, resulting in shadow IT. Software is easy to obtain but hard to keep a dependable inventory of.
"The line of business often has an immature concept of what an application is," said Jay Heiser, VP analyst at Gartner, while speaking at the Gartner Symposium in Orlando, last month. They tend to think of software applications as "static" and therefore don't see the need to seek out guidance or governance from IT.
Most IT professionals just want to ignore software as a service applications, according to Heiser, but they can't afford to do so because eventually so much software will demand attention.
This is an area of concern AWS capitalized on.
Microsoft has a cloud-based tool for tracking shadow IT, but neither Azure or Google Cloud have a customizable marketplace option for customers.
Companies "probably do need the cloud to manage the cloud," said Heiser, because keeping an active inventory of cloud applications is nearly impossible with its accessibility. A lot of control was lost with the migration to SaaS.
This invites unintended risk from a security and regulators' perspective. Companies that are unaware of noncompliant applications running in the background exacerbates risk with suppliers, availability during a cybersecurity event and agility with future scalability goals.
Follow Samantha Ann Schwartz on Twitter