Pressure systems: Who is driving cloud adoption?

6. Is cloud driving the transformation of the enterprise IT department?

Author, mentor and former CIO, Rob Livingstone.

The reality that IT systems can be low cost, easy to use, intuitive, and easy to implement in the personal lives of users translates directly to the perception and expectation that corporate or enterprise IT systems should be similarly easy to use, highly flexible, quick to implement and very low cost.

This perception is fuelled by two primary influences:

1. Individuals can access and experience the cloud systems first hand, without needing IT involvement; and
2. Individuals are neither subject to the complexities of coordinating enterprise wide IT systems nor subject to the often stringent governance requirements and related mandates.

For organisations, these governance requirements do not change in moving enterprise systems to Cloud Computing. Expecting IT departments to not meet minimum due diligence and governance standards because the system is ‘Cloud’, requires a clear and unequivocal mandate from the Directors of the organisation to this effect. Clearly, this does also not excuse enterprise IT departments that are poorly run from making poor decisions. Where IT departments are poorly run and badly aligned with the organisation’s business plans and objectives, these issues need to be remedied.

Cloud computing may be a solution for part of your organisation’s IT systems, but replacing your IT department with the Cloud is a strategy that needs extensive due diligence. Fix your organisation’s IT management issues first, then consider the cloud, not the opposite.

7. What are the implications for procurement?

Due to the speed and relative ease of access to cloud technologies, there is a risk of the unmanaged proliferation of cloud technologies within organisations.

• Where uncontrolled or unauthorised enterprise systems exist, so do the potential risks of information security problems, data integrity issues and compromises to the integrity of business processes.

There are a number of considerations in the selection and implementation of xloud systems in your organisation, as discussed below.

a) Cloud is a technology and delivery mechanism choice. Manage it as such

Cloud technology contains your organisation’s business logic and data, and as such it required some effort to maintain its:

• Accuracy;
• Integrity;
• Security;
• Availability; and
• Interface to any other of your IT systems.

b) Have clear accountabilities over your cloud implementation

Cloud systems are, in principle, no different from your existing on-premises IT systems. Someone (i.e. a specific Director) in your organisation should have ultimate accountability for the cost, risk, use and overall governance of your enterprise systems.

Should a line-of-business departmental manager wish to select, implement and manage their own local enterprise systems, they should be able to do so only under the full visibility and rigours of your enterprise IT governance framework.

c) The importance of a clearly articulated cloud procurement policy

Given that a SaaS Cloud system can be deployed in minutes and paid for out of the discretionary budget of a department within most organisations, it has the potential to expose the organisation to the risk of a ‘viral cloud’.

• A viral cloud is characterised by a localised initial installation of a cloud system (approved or otherwise!) in one part of the organisation, for a defined purpose. After a short period of time, access if progressively granted to others outside of the initial user pool as either the popularity of the system gains a foothold, or others need to be given access to approve workflows, access documents, process information etc.

The low entry cost threshold for cloud systems could mask the potential for significant future Total Cost of Ownership (TCO), unmitigated risk and breach of minimum governance standards.

• Due to the ease of provisioning, access, configuration and use, there is increased risk of local divisions or business units in an organisation independently implementing cloud technologies by using local, discretionary budgets, in the absence of an effective cloud policy framework.

Organisations need to have effective cloud computing policies to mitigate against the risks of ungoverned enterprise applications.

In the absence of a clearly articulated cloud computing policy, traditional capital investment purchase processes can by bypassed, as individual user subscription costs are mostly treated as routine expenditure within the local business unit.

This has implications in multinational and multi-divisional organisations, where a local business unit wishes to implement an IT system to meet a local requirement.

d) Cloud: Low barrier to entry leading to vendor lock-in

Enterprise cloud systems have a very low entry threshold. For a few hundred dollars a month, a small but potentially influential pool of users could deploy an important application, which, when scaled out across the enterprise, could be prohibitively expensive.

Cloud computing has the potential to unleash the pent-up demand for better systems, improved reliability, less complexity, greater mobility and choice. All of these requirements are frequently valid at a local level, however organisations still require appropriate governance and due diligence processes to ensure that local decisions do not adversely impact the organisation as a whole.

IT departments often are in a unique position as they have a perspective of the entire organisation, and are required to balance the demands of a particular division or business unit against the requirements of the organisation as a whole.

The takeaway messages from this chapter are:

• The immediacy and universal access to cloud technologies allows individuals and organisations alike, to implement systems ‘on-demand’. This has potential implications for the procurement and project management approaches in the selection and implementation of enterprise IT systems.
• Individual positive personal experiences in using cloud systems are driving the demand for a similar level of service delivery by organisation’s own IT departments.
• Understand how and why cloud has the potential to transform your view of the relevance and operation of your in-house IT department.
• A cautious and unduly ‘defensive’ posture taken by your IT department to a move to cloud computing needs assessment, and may be made on justifiable grounds. Investigate, don’t dismiss or mandate.

This is an extract from ‘Navigating through the Cloud’ by Rob Livingstone. Reprinted with permission. ‘Navigating through the Cloud’ features features a cloud assessment framework and other practical advice and is available for download online.