November 28, 2016 By Mark Samuels 2 min read

Organizations that fail to create an effective balance between IT decentralization and control face severe security and financial implications.

A VMware survey found that 69 percent of business users and technology professionals queried believe IT management has become increasingly decentralized in the past three years. The survey, conducted by Vanson Bourne in August and September, targeted 3,300 people from 20 countries across the Americas, Asia-Pacific and Europe.

Titled “The IT Archipelago: The Decentralisation of Enterprise Technology,” the report confirmed that decentralized IT can produce big benefits for businesses, but the shift must be managed correctly. Rather than stepping back entirely, technology departments should take an active role in IT decentralization.

Disrupting Business Models

The consumerization of IT and the use of cloud computing have facilitated this decentralization. Employees find it easier than ever to purchase applications on-demand through their devices, often without permission from the chief information officer (CIO), chief information security officer (CISO) or security teams.

Business models in all sectors are being disrupted. According to Infosecurity Magazine, digital transformation is critical to enabling organizations to remain innovative, competitive and agile. The survey results suggested that decentralization can increase responsiveness to market changes, create more freedom to drive innovation and enable the quicker launch of new products and services.

It may also lead to questions about the long-term viability of the traditional technology department, however. More than half of the survey respondents agreed that decentralization has created a lack of clear accountability for IT.

Security and Financial Implications

The survey also revealed that businesses are not always ready for the transition to a new form of IT procurement — 57 percent of respondents believe decentralization leads to the purchase of unsecure IT solutions. Another 60 percent think decentralization leads to the development of applications outside corporate or government regulations, while 56 percent believe it creates a lack of regulatory compliance of data protection.

IT decentralization can also have a big financial impact. Businesses reported a 5.7 percent average increase on IT spending as a result of decentralization. Furthermore, 61 percent of technology professionals believe decentralization leads to duplication of IT spending across the organization, and 57 percent said it creates a lack of awareness of overall IT spending across the business.

Opportunities and Challenges of IT Decentralization

IT decentralization creates both opportunities and challenges. While it can empower all business units to drive innovation and ease pressure on IT, it also creates a range of management, security and compliance issues.

The survey suggested CISOs and their senior technology peers must strive to create an effective balance between decentralization and control. In Europe, for example, 60 percent of IT decision-makers believe the technology department must play an active role in the decentralization of IT to other business units.

However, IT is pushing back: In total, the survey found that 65 percent of IT professionals want IT to be more centralized. Only time will tell if these professionals change their tune thanks to the many benefits decentralization can bring.

More from

SoaPy: Stealthy enumeration of Active Directory environments through ADWS

10 min read - Introduction Over time, both targeted and large-scale enumeration of Active Directory (AD) environments have become increasingly detected due to modern defensive solutions. During our internship at X-Force Red this past summer, we noticed FalconForce’s SOAPHound was becoming popular for enumerating Active Directory environments. This tool brought a new perspective to Active Directory enumeration by performing collection via Active Directory Web Services (ADWS) instead of directly through Lightweight Directory Access Protocol (LDAP) as other AD enumeration tools had in the past.…

Smoltalk: RCE in open source agents

26 min read - Big shoutout to Hugging Face and the smolagents team for their cooperation and quick turnaround for a fix! Introduction Recently, I have been working on a side project to automate some pentest reconnaissance with AI agents. Just after I started this project, Hugging Face announced the release of smolagents, a lightweight framework for building AI agents that implements the methodology described in the ReAct paper, emphasizing reasoning through iterative decision-making. Interestingly, smolagents enables agents to reason and act by generating…

4 ways to bring cybersecurity into your community

4 min read - It’s easy to focus on technology when talking about cybersecurity. However, the best prevention measures rely on the education of those who use technology. Organizations training their employees is the first step. But the industry needs to expand the concept of a culture of cybersecurity and take it from where it currently stands as an organizational responsibility to a global perspective.When every person who uses technology — for work, personal use and school — views cybersecurity as their responsibility, it…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today