The media industry has gone through an era of unparalleled change, growing into areas and sectors not even imaginable just a decade ago. But as newspapers, TV broadcasters, PR agencies and advertising giants have rapidly grown, the web of IT infrastructure they are caught in has become extremely tangled and messy.
Within the media industry, shadow IT is prolific. By this I mean technology, software and systems at work within an organisation that have not gone through the correct or appropriate procedures. For example, a third-party piece of software may have been installed to get a small job done quickly and easily without any real checks on whether that software is secure enough. It may have been rolled out within a company where a huge amount of very confidential and expensive IP will be stored, alongside masses of personal data from consumers and customers.
That is just one smaller example. On a bigger scale, a department within a large organisation, or a smaller agency within a much larger one, may have opted to use a cloud-based service or brought in its own development team to create IP for a specific project or need. What they may not have done is got the right authorisation to do so at the highest levels. Perhaps a company has spun up a dev-ops environment as they needed a couple of apps for a couple of months but going through the usual IT and procurement process would take too long.
The issue with this shadow IT, apart from non-compliance and insecurity, is that the IP developed is siloed along with the wider business value embedded in the data analytics. By lifting the lid just a little on this, you will find multiple businesses within the same company, each doing their own thing.
At the top of the chain, many companies might turn around and say, "What difference does it make if that department or splinter company or brand is making good money?" But the more shadow IT and IP silos, the less that embedded business value is shared and the bigger the IT time bomb is right across the company.
This represents a huge headache for the CISO, CIO and CTO and a legal minefield for the CCO should anything go wrong. From a technical standpoint, you have no clue as to the size or shape of your shadow IT infrastructure, which means it can be unpredictable and its requirements unforecasted. You literally do not know where the next security breach or failure is going to come from. How also can you support the business to optimise from a performance and cost perspective and to cross-pollenate wherever possible if you do not know what is working where?
From a compliance and security governance point-of-view, it becomes impossible to manage. If you were audited, you would find it hard to know whether you were doing the right thing legally because if you do not have visibility across the company, there is no way you can put governance around it. If something should happen, you will find it problematic to know whether the right levels of security have been put in place or how you can respond.
In short, shadow IT ensures there is a total breakdown of IP, governance, security and compliance and this is the case whether you are a newspaper with a dozen or more departments right up to a huge conglomerate agency with thousands of companies working under its banner.
The advent of the General Data Protection Regulation in May 2018 is only going to make this situation more apparent. Without a single pane of glass that allows the IT department to monitor all the software and tools and applications within a business - creating a frictionless environment - the company cannot adequately do whatever it needs to do.
Having this visibility is crucial to know how your IT infrastructure connects in every area, however small and where IP is stored, replicated and duplicated many times over. Crucially, you will not know which parts are at risk the most if you cannot see them properly or do not even know they exist. For data particularly this could prove hugely costly if a breach occurred post-GDPR when the fines could run into hundreds of millions of pounds.
This single pane of glass represents the only conceivable way to control this. If this covered the app development people, the traditional IT people, the people who control the budgets for IT, then you can provide a collaborative environment where it is easy to create new IP that becomes visible to the whole company; not IP hidden in a silo in one corner of the business while another part is doing something very similar.
Any tiny department or the smallest global subsidiary can expose a whole multi-national company. Without a frictionless IT environment that allows this visibility and collaboration then you will constantly find you are creating apps that do not work properly, software that does not get the engagement needed or streaming that captures data without compliance knowing. This problem covers every area of every media company and it is a significant challenge that must be tackled fast before your operations are compromised by the tiniest issue that you would never have seen coming.