Business units are creating silos by bypassing IT and using public cloud services. Here's how CIOs can create order.
Many of the CIOs and technology leaders who I speak with are embracing the cloud as a core element of their IT strategy. At first, many of these leaders were hesitant about the implications of cloud because of security and accountability issues. However, today many have come to terms with the inevitability of the cloud.
More than anyone else, business leaders are forcing the rapid movement to the cloud because they perceive that traditional IT structures are simply not in step with the fast pace of business change. They have been using public cloud services for development and storage for years as a way to bypass IT and get new business initiatives off the ground. At the same time, organizations are using software-as-a-service (SaaS) applications instead of on-premises software. Systems such as Salesforce.com and Workday are becoming commonplace in companies across industries.
The end result is that we are entering a new era dominated by cloud silos. Business units have found it easy to create new and often experimental applications in the cloud. They implement a SaaS application to quickly support a new business function and these quick solutions often become essential corporate resources. Now IT is being asked to take control and establish a unified hybrid cloud environment.
In a perfect world, the CIO would start from scratch, and build a clear long-term roadmap and a staged implementation plan. However, reality is never perfect. As CIOs set out to plan for hybrid cloud environments, they should start by getting answers to three fundamental questions.
Question One: What are all of the cloud services being used across the company?
This may be more complicated than it appears. It will require some digging to find which business units are using services such as Amazon Web Services (AWS) to create applications or store data. For example, some business units may be using Amazon's storage services as an alternative to disaster recovery. There may be hundreds of different SaaS applications.
While some of these applications are used in a limited and isolated way, other applications are becoming mission critical. Before you do anything else, you need to know the scope of cloud services in use across your company. It may take a while to unearth all of them. It's equally important to calculate how much money the company is spending on all of these services. Cloud services are purchased in small increments that seem inexpensive, but they add up.
Question Two: How do the existing cloud services need to interact with your systems of record?
Since your organization already has cloud silos, you need a way to make them work for the business. Therefore, part of your plan moving forward is creating a way to link cloud-based services with on-premises IT environments. This will include data integration and business process management. The cloud services often need to access data from datacenter-based systems such as accounting and customer service. To do this you will need to create business processes between existing datacenter applications and cloud services. Your constituents are becoming more dependent on cloud services, which will need the same attention to reliability, predictability, and accuracy as systems that are controlled internally.
Question Three: Do you have a well-articulated set of policies on which cloud services are used based on business requirements?
There is no turning back. Cloud services are the new reality of how IT will be delivered, so it's important to establish policies and guidelines. Which public cloud service providers meet your compliance and security requirements? Do cloud providers adhere to important standards? Can you move important data between public and private environments?
Most organizations will opt for a hybrid cloud environment that combines an internal cloud with public cloud services. You should determine if it is acceptable to use a public cloud provider based on the level of security and accountability the provider offers. For example, if you are storing private regulated customer data, you may need to keep that within your own private cloud because of compliance. On the other hand, there are SaaS applications that are highly commercial and provide a high level of compliance. IT needs to protect the integrity of the company by working with business units to set pragmatic but safe policies.
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Cybersecurity Strategies for the Digital EraAt its core, digital business relies on strong security practices. In addition, leveraging security intelligence and integrating security with operations and developer teams can help organizations push the boundaries of innovation.