Another interesting read on TechCentral.ie this morning: IT departments struggle to control cloud adoption. In it is says that:
- 20% of those responding said they had gone around their IT department to provision cloud services
- 61% said it was easier to provision the services themselves
- 50% said it takes too long to go through IT
- 60% reported that they have corporate policies in place that prohibit such actions, those policies aren’t real deterrents
I cannot say that I am surprised. I know that in the past I have hosted and managed the infrastructure for users in some very large organisations. They found it too difficult to get what they needed from their IT departments/divisions and they looked to someone who could give them what they needed, when they needed it.
This problem is typically in the medium to large organisation. The smaller organisation usually only has a couple of IT people who pretty much do everything IT for the company. The larger organisation features divisions, branch offices, and departments that purchase and deploy applications and typically rely on some central IT to deploy the infrastructure that they need. Sometimes it’s a case of they go to a central applications/MIS department/division to get an application that they need. And we all know this: the bigger the organisation, the longer it takes for simple things to happen. For example, I know of a bank with its headquarters in Munich, where former employees claimed that it could take up to 6 weeks for the helpdesk to respond to a non-critical ticket. How hopeless is that?
IT is a service. It has a customer and that customer is the user *I’m choking just a little bit as I type this*. Any business person, even those on The Apprentice, will tell you that if you are slow to respond to a customer’s service request then you lose the customer. In this case, every IT employee’s worst dream is coming true: their reason for being employed (the users) are going to an external service provider because IT is too slow.
One of the big complaints you’ll get from users about IT is that anything they do come up with isn’t quite what was asked for and it isn’t flexible. That’s why the consumerisation of IT started: users are buying devices and apps independent of IT because, for example, their iPad is better for consuming information on the move than a laptop might be. Public cloud computing is similar. All the user needs is a credit card and some idea of what they need. They’ll demo a few things, find something they like, and cough up the money to get it active. They may well get approval from some departmental or divisional budget to cover the costs, completely independently of the IT budget. Uh-oh, now the organisation has a reason to start reassessing (downwards) the IT budget, not to mention the headcount.
So IT is bypassed. That causes hurt feelings and threatens their jobs. The user is happy because they finally got the services they wanted in a timely manner. End of story? Let’s think bigger for a moment.
What about compliance? Say this is a European company storing sensitive personal information: Does the user know anything about the Data Protection Act or the Patriot Act? What if they are handling online payments? Have they assessed a data centre or SaaS solution for ISO 27001 and PCI compliance? I bet you these things don’t even cross their minds! Things such as governance and regulatory compliance rarely do. Businesses can put in policies to ban the independent adoption of public cloud computing services, but we all know that budget holders will do whatever they think will alleviate their pain. One only has to look at the news to see how rules are regularly tossed aside with no repercussions in the business world. Anyone who has worked in the corporate world knows that there’s one set of rules for “everyone”, and a different set of rules for certain people.
You cannot stop the user from seeking out alternatives. Already over 60% of UK CIOs reckon that consumer devices have become essential tools in the business. Banning those has worked real nice, eh? The solution isn’t to ban things, it’s to adapt and provide internal & managed services that have the traits of those alternative that the users have started to turn to.
The private cloud brings that elasticity, self-service provisioning, rapid deployment, and flexibility into the internal network from the external service provider. From the compliance and governance perspective, this brings back a lot of control. From the IT worker’s perspective, it saves their job. From the user’s perspective, this can be much better than the public cloud. Think of the public cloud as a phone company: there’s a remote service desk that is pretty similar, and how many of us like the “customer care” that we get from our phone service providers? When your service is deployed internally, then you at least have some leverage to apply pressure when things inevitably go wrong.
You now control where your data is, and who can see it. IT switches from a deployment role to a role where templates are shared, services are monitored, workloads are backed up, and data is secured. Users help themselves as consumers of this service that IT provides. In other words, the “user is the customer” relationship is reinforced.
Thing is with consumerization is choice & diversity. Users will always use services that are integrated with their private devices or that suit their preferences. How can internal IT compete with public offerings in number and diversity? So will private cloud help control data, devices? I would love to see users pick the devices, software and services of their choice and have IT worry about providing data (& security of that data) to the users to work with where and when they need it in a manner that fits those needs. A Star Trek like universal translotor 🙂 Thing is, we can’t and it’s a very demanding customer out there.
It has usually been my experience that the reason things can take so long in a big corporate environment is that in-house IT is viewed as so expensive by upper management that there are mupltiple layers of approval before any new work can get approved. And then there are no manpower resources available to get the job done once a project is green-lighted.
This causes large parts of the organization to work around IT & just “get it done”. Which means that all the excess spending all those layers of approval were supposed to rationalize get done anyway they just get done off the radar.
How this will work long term varies a lot by industry. Healthcare has HIPPA, financial services has Sarbanes-Oxley, both of which put really strict rules around how private data is accessed. I can see how a private manufacturing or shipping company might be able to just let users buy tablets & connect to a corporate cloud but I still haven’t seen a realistic way to let a doctor pull up x-rays on his personal IPad without violating 5 different federal mandates.
You nailed it!!! While working for one global insurance company it took me three months to have WinMerge approved for use. Even though it already been approved for other departments I had to wait and pay an internal charge of $175.00. Once they finally approved it use in our department I found it was an outdated version and I had to start the process all over again. That global insurance company is now outsourcing and has laid off over 400 IT positions crippling this area for IT jobs. Just getting an IP for a new server would take months…
Place I am working with on a project now, a health company which falls under HIPPA, told me to use a hot-mail account to setup external IM, to be used internally. “They do not have OCS here and their IM system does not work at all so we use this” Unbelievable…
I once did a 3 month contract for a very large corporation. Luckily (a) I bought/brought my own laptop and (b) I was working for the security team. That’s because it took 2 months for the IT group in this corporation to send over a PC for me to use. The security team knew what would happen, vetted my laptop, and let me plug it into the network. The alternative would have been that I bill them for 2 months for the pleasure of my company while I watched the clock tick for 8 hours a day. And I was charging a very nice rate for that job 🙂