Cloud reminds me of the Oklahoma land rush with people pushing and shoving and tripping over themselves to get out ahead and stake a claim. While it's obnoxious to see so many IT vendors out their doing their own land grabs ("cloud personal printing", anyone?), it's more unnerving to see so many IT organizations who are getting caught up in the flow and may be inadvertently allowing their companies to end up with undisciplined approaches to adopting cloud-based computing.
IT organizations are traditionally very good about adopting new technology in a careful and considered manner -- walking that fine line between reaping the business benefits of new technologies and mitigating the security, stability and compliance challenges of that new technology. But cloud computing, as with mobile technology, enables business users to begin making local technology decisions. It's great that public cloud services enable informal IT consumers (such as application developers or business staff) to quickly request and begin consuming cloud-based services without the involvement of corporate IT. It's a great thing. Unless those users are making not-so-great choices.
There are a number of dangers to allowing your company to inadvertently take a pell-mell approach to adopting cloud-based computing. At the very least, you will under-achieve the benefits of moving to cloud if you're over-provisioning servers . And on the other extreme, you could end up with highly sensitive information out in the cloud that should really belong, for compliance reasons, behind your firewall.
So, the challenge is, how does IT take an appropriate pace and strategy to adopting cloud-based computing while ensuring that business users aren't doing an end-around? Here are a few ideas.
- First, don't allow a situation where business users are by-passing enterprise IT as it relates to public cloud services. Business users (or even those application developers who need a short-term QA box or short-term SharePoint server) are inevitably going to find that public cloud services are a very attractive offering for a quick, informal purchase. You know it's going to happen, so get involved. Show IT leadership by helping to negotiate and oversee those public cloud requests from the line of business. Work with a preferred service provider to set up good default self service options for those customers. It's a win for the business folks because they'll have access to these services and IT will already have done all the heavy lifting. And it's a win for IT because you'll be channeling all that potential hidden and "unsupervised" usage into a place where you can monitor what's going on.
- Establish clear cut policies around what is and isn't appropriate for public cloud usage. What kinds of applications and use is okay and what needs to remain behind corporate firewalls for policy or compliance reasons? Developing an in house application and need a place to test with live data? Probably not okay.
- Clearly communicate what your overall cloud adoption strategy will be. Are you looking at an evolutionary approach to cloud, where you'll first focus on automating datacenter and then consolidating servers via virtualization with an overall plan to move to cloud? Or are you more transformational, with the intent to implement PoCs and or even introduce a private cloud for particular domains or types of internal servers and applications? Sharing this roadmap with the business helps them understand that IT is taking a leadership role around cloud and it gives you the ammunition you need to manage customers expectations about what you're doing for them.
Unless you get out ahead of these hidden, informal usages of public cloud, you'll never really effectively manager your company's adoption of cloud-based computing. It will be like herding cats - except that you won't even know how many cats there are to begin with, so you won't ever really be able to tell if you're even close to succeeding.
To weigh in, comment below! I'll begrudgingly read your thoughts. To suggest a rant - email me at firstname.lastname@example.org.