10 Ways IT Can Own Cloud Decisions

Decision Success or Failure

Making the right cloud decision could be the difference between success or failure

How IT leaders can bring the true value of cloud computing to their organizations.

Much of the hype surrounding cloud computing is causing confusion among enterprise IT looking to cloud to solve problems and hoping not to introduce more. Unfortunately several sources ranging from industry experts to news articles to well-known technology evangelists seem to be providing more questions around cloud than answers. IT needs some clarity and guidance to ensure their cloud endeavors produce the promised benefits.

To be certain, the public cloud is a fantastic thing. It has a role to play for consumers, and even for many businesses (what’s wrong with using Gmail or Google Apps for your business?). And cloud computing for business, government, and other organizations is, without doubt, the future of IT. But we need to have at it with eyes wide open.

Here are ten things IT needs to do to take ownership of the cloud discussion, get our arms around the cloud, and bring the value proposition home to the organizations and users we serve.

  • 1. Stay close to the business. There’s a reason why the business is innovating with public cloud services without involving IT. They need to get something done, they need to get it done now, and they don’t think IT wants to help them with the cool new stuff. In fact, a meager 19% of business executives say innovative projects are frequently led by IT, according to CA Technologies Innovation Imperative study. And just 25% of business executives say innovative projects are frequently a collaboration between IT and the business. If we want to change this, we need to be there with the users, step by step, as they define their requirements and execute their strategy. Otherwise, the innovation gap between business and IT – already a gaping hole – will widen still.
  • 2. Become a trusted advisor. This is the other side of the coin to staying close to the business. You not only need to know what the business is doing, you need to be able to provide valuable advice and counsel on the technology they need to drive their business strategies. And that means playing nice. In CA Technologies Innovation Imperative study, 34% of business executives characterized their relationship with IT as combative, distrustful, and/or siloed. And 31% of IT agreed the relationship is broken. It’s time to become the Department of Know-How, not the Department of No.
  • 3. Stop talking about the cloud as if it is one thing. Be an evangelist for cloud education. Help people understand that some elements of the cloud are for consumers, some are for business, some are run by IT and some not, and some are more mature than others. The cloud is not one amorphous thing. It comprises discrete components, technologies, applications, and architectures, many of which are chosen vetted, and overseen by IT. Public cloud, hybrid cloud, private cloud, private virtual cloud, SaaS, IaaS, PaaS, dbPaaS, BPaaS, DevOps, virtualization, Big Data, elasticity, data durability, cloud testing – they’re all different, and they’re all at different stages of maturity. We should not rely on the Gartners or Wozniaks of the world (see related blog post, add link here) to educate (i.e., misinform) our organizations. It’s up to us to mount internal communications efforts that give our people a sound foundation for what the cloud is, how it can be used and how we help them capitalize on it.
  • 4. Understand your tolerance for risk. One size does not fit all. Just as there are different elements of the cloud with different levels of technical maturity, there are different elements of your business with different levels of risk tolerance. Some parts of your business might be appropriate for the cloud right now (e-mail, Web site, file sharing and storage of non-sensitive data, certain databases, remote desktop, etc.). Other parts of your business won’t be comfortable with what they can presently achieve in the cloud, in terms of risk mitigation and compliance. But unless you understand the organization’s tolerance for risk and have a way to overlay that against what’s possible in the cloud today, you’re spinning in place.
  • 5. Establish and uphold a cloud security policy. Wired reporter Mat Honan got into trouble because he wasn’t diligent about how he integrated myriad cloud services. He also was lax in not using the two-factor authentication features available to him and every other user. Likewise, your organization should have clearly defined policies about when, where and how employees use cloud services. And all of those policies should work to maximize security while not unduly inconveniencing users. Also, as with point #3 above, it’s up to IT to do more than just establish these policies. We need to promote them early and often, using all of the internal communications facilities at our disposal, including e-mail, newsletters, posters, handbooks, videos, training and events.
  • 6. Know your provider’s policies. Amazon’s S3 doesn’t automatically backup your data. Neither does Apple’s iCloud. Ditto WordPress for Web sites, blogs and content management systems. That’s left to the user to set up and configure. Rackspace and DreamHost (two of many examples) automatically perform backups. In addition to business continuity and disaster recovery policies, scalability, elasticity, planned/unplanned downtime, security protocols (including those which can be socially engineered), and more also vary by provider, as do their policies for issuing alerts. Your usage and technology strategy must account for these differences, depending on which provider you use.
  • 7. Recognize that policies aren’t always followed. Apple’s support personnel gave the hackers access to the Wired reporter’s iCloud account, even though the hackers failed to answer the personal authentication questions correctly. This was a violation of Apple’s policy. Oops. That leads to my next suggestion …
  • 8. Realize that policies are often inconsistent and flawed. There’s no policy standardization across the industry, for example, as to what is public information and what is secure. A flaw in Amazon’s back-end systems allowed the hackers to see the last four digits of Wired reporter Honan’s stored credit cards. As he reported: “The very four digits that Amazon considers unimportant enough to display in the clear on the Web are precisely the same ones that Apple considers secure enough to perform identity verification.” Digits in hand, the hackers were then able to gain access and take over Honan’s iCloud account.
  • 9. Understand the conflicting interests. Woz was right. You don’t have ownership of your data once it’s in the public cloud. And even in a private cloud, you can’t always trust the provider to manage your data the way you would. You’re one of 100 or 1,000 or a million – or in the case of Facebook, one of close to a billion customers. Facebook doesn’t care much about your privacy, because the less private your information, the more useful it is to Facebook. Your data in the Facebook cloud helps Facebook make money. But for IT and the business, data in the cloud is all about storing and sharing information easily, securely, from anywhere, on any device. These are incompatible agendas. So if you’re not paying for the cloud services, you’re not the customer and you’re not in control. You’re the product the cloud service provider (CSP) is monetizing.
  • 10. Lead, follow or get out of the way. We as technologists should lead the way in helping our organizations understand, use, innovate with and capitalize on the cloud. When we’re talking about cloud computing, we need to be responsible and stop mindlessly “blowing the trumpet” for these technologies. We need to communicate, educate, evangelize, innovate and secure the path to the future for our organizations.

We can’t abrogate responsibility for determining cloud readiness to industry analysts or tech celebrities. It is up to us – the leaders of global IT organizations – to set the stage and the pace for business cloud adoption. And to get there, we need to ensure we are doing all we can to help our users open their eyes, and their minds, to the truth about the cloud.


This post was originally posted on CA.com’s Cloud Storm Chasers blog