Author Sylvie Veilleux, VP of IT for Mozilla
This article is not about if you should use cloud services or which ones to use. It’s not about describing the differences between private and public clouds or SaaS, IaaS and PaaS. It’s also not about helping you choose or make the decision on which cloud service to use. It’s about the fast pace and increased adoption in organizations. Lets get back to the subject of this article. It’s an easy answer right? For many CIO’s, information security and IT professionals, cloud sprawl is creating increased concerns around risks. This is mainly due to the growing number of cloud services being introduced without the involvement of IT. On the other hand, business units that are adopting cloud services are benefiting from the speed at which they can innovate and improve their operations, which creates a competitive edge for them. Both perspectives are right. Let’s look at this briefly from both points of view.
Who is this “Business Cloudologist”?
Just about anyone in an organization can buy a cloud service and store data, build business processes & services, move data between clouds and their devices (laptops, personal phones, tablets, home computer, etc.). These services are broad and not just limited to cloud file storage or servers. These cloud services are company social networking tools, human capital management solutions, finance systems, CRM, source code management, executive dashboards, reporting and analytics, customer service management, web platform development, etc. It’s very easy for just about anyone to sign up for a cloud service. Either as a free service or for as little as a $3 per month per user charged to a credit card. With a couple clicks here and there, voila! An instant service running a business process with no IT or Information Security professional involved. All delivered by the new “Business Cloudologist”. Organizations are immediately empowered with self-service, on-demand and iterative development and deployment platforms. When you think all is great, a new shiny cloud solution with the coolest gadgets and integrations to clouds you already use pops up. It’s a matter of time before someone wants to use it in the organization.
We are not in Kansas anymore
Things do seem a bit magical these days. What used to take months and years to do, now takes weeks, days or just a few hours. There is no need to code much anymore in the cloud. Many cloud applications and services require just a few clicks, drags and drops in a very easy user interface. These clouds know of other clouds, have built-in integrations between them, and with a few more clicks and check boxes, your cloud application is instantly available on your mobile devices. Your application has a cool user interface, your data is flowing to and from where you want it, and you deployed it to your whole department within minutes.
Things become cloudy
Within a team or a department, it may be smooth sailing for a while. But when it comes to cross department interactions and business processes, the functionality overlap and incompatibility between the clouds deployed creates challenges and things get “cloudy” quickly. No one really has the time to understand and make the other teams thing work with theirs. It’s the other teams issue right? Companies can easily end up with 50, 75 or more cloud services, which can over complicate and cause significant delays or mistakes in your business operations. This isn’t a new situation. Just go back to the days where PC’s were the thing and every department would purchase and install boutique software for computers on or under their desks. It took years for companies to move these capabilities to enterprise solutions and into data centers to improve efficiencies and reduce risks and costs. Some are still discovering these applications to this day. In this “cloudy” state, business, IT and information security professionals have anxieties about business continuity, security and risk management. What data is where? How is data being moved around? Who has access to our data? How are access controls set and managed? How is data integrity and data quality validated? What business decisions are being made based off which data? How long is data retained? How are we managing compliance? What is the cost/value benefit of the service? What are the service level agreements? And the list goes on. These questions didn’t just happen over night, and did not appear because of the cloud sprawl. They are just more difficult to answer with the new cloud sprawl.
IT has their Mojo back
The “Business Cloudologist” enjoys the very accessible, easy to use, “roll your own” technology to move the business forward. They are not so much interested nor have the experience and skills to address the numerous questions around business continuity, risk management and enterprise systems that IT professionals are poised to do. IT has their mojo back, with a renewed sense of meaning, competence and appreciation in the organization. It starts with an IT mind set change that embraces the cloud sprawl and accepts no longer controlling all technology decisions and projects. IT organizations must change their services portfolio to adapt to the increasing technical skills in the workforce and the exponential growth in easy to use technology such as cloud. IT needs to focus on their experience in governance, consultative services, information management, security, business intelligence, analytics, service orchestration, vendor management and value management. In this new technology era, there is room for both the “Business Cloudologist” and the IT professional. Both need to work together to increase the success in technology delivery to the business.