Users Bypassing IT to Adopt Cloud Services

Another interesting read on this morning: IT departments struggle to control cloud adoption.  In it is says that:

  1. 20% of those responding said they had gone around their IT department to provision cloud services
  2. 61% said it was easier to provision the services themselves
  3. 50% said it takes too long to go through IT
  4. 60% reported that they have corporate policies in place that prohibit such actions, those policies aren’t real deterrents

I cannot say that I am surprised.  I know that in the past I have hosted and managed the infrastructure for users in some very large organisations.  They found it too difficult to get what they needed from their IT departments/divisions and they looked to someone who could give them what they needed, when they needed it.

This problem is typically in the medium to large organisation.  The smaller organisation usually only has a couple of IT people who pretty much do everything IT for the company.  The larger organisation features divisions, branch offices, and departments that purchase and deploy applications and typically rely on some central IT to deploy the infrastructure that they need.  Sometimes it’s a case of they go to a central applications/MIS department/division to get an application that they need.  And we all know this: the bigger the organisation, the longer it takes for simple things to happen.  For example, I know of a bank with its headquarters in Munich, where former employees claimed that it could take up to 6 weeks for the helpdesk to respond to a non-critical ticket.  How hopeless is that?

IT is a service.  It has a customer and that customer is the user *I’m choking just a little bit as I type this*.  Any business person, even those on The Apprentice, will tell you that if you are slow to respond to a customer’s service request then you lose the customer.  In this case, every IT employee’s worst dream is coming true: their reason for being employed (the users) are going to an external service provider because IT is too slow.

One of the big complaints you’ll get from users about IT is that anything they do come up with isn’t quite what was asked for and it isn’t flexible.  That’s why the consumerisation of IT started: users are buying devices and apps independent of IT because, for example, their iPad is better for consuming information on the move than a laptop might be.  Public cloud computing is similar.  All the user needs is a credit card and some idea of what they need.  They’ll demo a few things, find something they like, and cough up the money to get it active.  They may well get approval from some departmental or divisional budget to cover the costs, completely independently of the IT budget.  Uh-oh, now the organisation has a reason to start reassessing (downwards) the IT budget, not to mention the headcount.

So IT is bypassed.  That causes hurt feelings and threatens their jobs.  The user is happy because they finally got the services they wanted in a timely manner.  End of story?  Let’s think bigger for a moment.

What about compliance?  Say this is a European company storing sensitive personal information: Does the user know anything about the Data Protection Act or the Patriot Act?  What if they are handling online payments?  Have they assessed a data centre or SaaS solution for ISO 27001 and PCI compliance?  I bet you these things don’t even cross their minds!  Things such as governance and regulatory compliance rarely do.  Businesses can put in policies to ban the independent adoption of public cloud computing services, but we all know that budget holders will do whatever they think will alleviate their pain.  One only has to look at the news to see how rules are regularly tossed aside with no repercussions in the business world.  Anyone who has worked in the corporate world knows that there’s one set of rules for “everyone”, and a different set of rules for certain people.

You cannot stop the user from seeking out alternatives.  Already over 60% of UK CIOs reckon that consumer devices have become essential tools in the business.  Banning those has worked real nice, eh?  The solution isn’t to ban things, it’s to adapt and provide internal & managed services that have the traits of those alternative that the users have started to turn to.

The private cloud brings that elasticity, self-service provisioning, rapid deployment, and flexibility into the internal network from the external service provider.  From the compliance and governance perspective, this brings back a lot of control.  From the IT worker’s perspective, it saves their job.  From the user’s perspective, this can be much better than the public cloud.  Think of the public cloud as a phone company: there’s a remote service desk that is pretty similar, and how many of us like the “customer care” that we get from our phone service providers?  When your service is deployed internally, then you at least have some leverage to apply pressure when things inevitably go wrong.

You now control where your data is, and who can see it.  IT switches from a deployment role to a role where templates are shared, services are monitored, workloads are backed up, and data is secured.  Users help themselves as consumers of this service that IT provides.  In other words, the “user is the customer” relationship is reinforced.

Defining Cloud Computing

One of the most infuriation things about cloud computing has been the marketing that wraps it up.  There are a couple of international service providers (both having datacenters here in Ireland) who pretend that they invented “the cloud” when they sell it.  There are plenty of marketing people who try to define “the cloud” as being what they sell.  It’s one of those fluffy things that is constantly changing shape as it floats past us.

I was reading a story on Network World where a BMC executive said “It’s fundamentally that the cloud focuses on delivering services. I think this sometimes gets lost in a lot of the discussion around cloud computing. Everybody’s talking about infrastructure and hypervisors and virtualization, all of the components. At the end of the day, what customers really care about is getting secure, reliable, trusted services, whether that’s from their internal IT department or from the external broker to their IT department, or from an external provider directly”.

I like that comment.  He also said that he likes the American National Institute of Standards and Technology (NIST) definition.  It’s a simple 2 page document that starts with: “Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction”.  It goes on to list different components, architectures and delivery models that could be considered a part of or type of cloud computing.

What we need to remember is:

  • It’s all about delivering a service.
  • There are many varieties.
  • Don’t get caught up in the marketing crappola.