CloudU Notebooks is a weekly blog series that explores topics from the CloudU certificate program in bite sized chunks, written by me, Ben Kepes, curator of CloudU. How-tos, interviews with industry giants and the occasional opinion piece are what you can expect to find. If that’s your cup of tea, you can subscribe here.
One of the recurring discussions around cloud adoption has been the tensions between IT and the business. It’s a polarizing conversation. On one side is IT saying that it has to retain control to ensure security and compliance and that with unfettered access to technology staff would introduce lots of dangerous avenues for security breaches into the organization. On the other side you have the business itself which has long been frustrated by the fact that seemingly every request to IT is either stonewalled or slowed significantly. Getting servers deployed takes weeks because of interminable processes. Software evaluations may take a few days from the business end but then get bogged down in weeks of security and compliance checks by IT.
The cloud is changing all this as, for the first time, business people have the ability to utilize software, spin up (virtual) servers or utilize a development environment all with a simple swipe of a credit card, and outside of the purview of IT. I’ve always said that both the best and the worst things about cloud are that it enables the business unit to access technology without IT intervention – it’s awesome from the agility perspective but sometimes not so much for security.
This was the topic of a recent Twitter exchange I had after posting a link to an Appsecute blog about the future role of IT. During the exchange I was pointed to the Engineering IT Supply Manifesto which suggests that “the current global IT standard of performance in hardware/software supply falls far short of what it should be. It is an active and ongoing destruction of company value and improving it is something that requires only a change in mindset.”
In the post the author, Yishan Wong, suggests that current IT sourcing uses the following methodology to assess requests:
Wong compares this to the procurement situation for the average startup that looks pretty much like this:
The difference between the enterprise IT approach and that of the startup is like night and day – IT is fundamentally not meeting the needs of the business and hence Wong suggests a new response protocol for IT:
Now, of course, I’ve simplified things here – not all enterprise IT departments are so slow to react, and not all startup IT expenditure is good, safe or prudent. That said, all indications I get from my enterprise friends is that this does indeed reflect the current status quo. As such it’s hard to ignore the fact that IT has the biggest part to play in all of this and is in fact encouraging its users, albeit in a roundabout way, to adopt shadow IT.
Corporate IT needs to find a new way to approach this problem – and fast!