The ease and speed with which businesses can adopt new Cloud-based infrastructure, applications and services has been a tremendous boon in the drive to digitise and transform.
However, in many large enterprises there is trouble brewing, with different divisions and business units subscribing to a variety of Cloud services independently — each running off in their own direction.
We’re seeing this scenario playing out across many local organisations, with business leaders recognising the power of the Cloud to drive new digital services for their staff, partners and customers, kicking off all sorts of new projects and pilots.
While the enthusiasm of business leaders may be honourable, CIOs in the centre of the organisation are tasked with trying to corral all of these fragmented Cloud subscriptions into a broader, enterprise-wide Cloud strategy.
Industry news-site CloudTech explains the problem succinctly: “This practice — known as shadow IT — is having an obvious impact on technical support teams by undercutting sound governance and reducing operational efficiencies.”
The site goes on to cite Gartner research predicting that by 2020, when the Cloud is pervasive in almost every company, one-third of security breaches will be due to shadow IT.
Fumbling in the darkness
This kind of Cloud-based ‘Shadow IT’ exposes an organisation to a number of risks, including:
- Increased maintenance and support costs, as technical teams now need to manage various environments across a fragmented Cloud landscape.
- Increased integration costs, as each new Cloud service must be individually connected to all the relevant legacy systems within the organisation.
- Business disruption and unplanned downtime due to technical issues, as the application landscape grows out of control.
- Security concerns due to the lack of rigour and governance in many of these independent Cloud relationships, with no overarching security strategy covering the entire application lifecycle.
- Data residency and compliance issues, as businesses host information on Cloud platforms without fully understanding the implications of the laws surrounding it (such as the Patriot Act for US-based Cloud environments).
- Increased costs as multiple licenses and profiles are created, instead of being consolidated into single master services agreements at an enterprise-level.
- Change management and user adoption challenges, as different areas of the organisation have to get to grips with various Cloud-based systems (which often overlap in scope).
- Business process failure as new Cloud services start to ‘break’ existing business processes, affecting coordination between teams and departments
All of this presents an enormous challenge for CIOs who must bring some structure and control to the situation, by implementing strong governance policies for the Cloud, which ultimately need to carry weight throughout the organisation.
Seeing the light
In this context, governance extends beyond the basic definition of ensuring compliance with legislation. It encompasses everything from assessing the maturity of the organisation’s technology landscape, the potential risks, and ensuring that every aspect of architectural design is aligned with the business’ strategy.
CIOs must work with internal teams and external partners to forge a solid governance framework, designing an approach to application lifecycle management that has checkpoint and test points, to identify any issues and ensure Cloud services are smoothly embedded into the organisation.
Many think that once they have shifted workloads to hosted platforms, that any production and operational issues will be magically solved and businesses often need experienced Cloud services partners to orchestrate, integrate and ensure proper governance is followed.
Isolated Cloud projects then often end up costing more in terms of time, resources and money. So, while the intent is to get to market as quickly as possible, we see the exact opposite happening.
So, just what should IT professionals look for in their Cloud partner?
Firstly, they should have deep experience in migrating complex IT systems from on premise platforms, into the Cloud, be adept at brokering services, engaging with third-parties, software providers and Cloud OEMs on your behalf.
Secondly, they must have strong, well-established Cloud governance and security capabilities, to ensure that your governance frameworks are able to work in practice and prevent ‘Shadow IT’ from careering out of control.
Thirdly, they should have a holistic understanding of your overall enterprise strategy and look beyond merely the technology itself (considering every aspect of your architecture and business processes as well) and ensure alignment with the business’ vision.
By getting this right, CIOs are able to standardise, mature and gain greater value from their Cloud services – gaining the confidence to migrate further workloads into the appropriate Cloud platforms, and ultimately transforming the organisation to become fully Cloud-ready.
By Sonja Weber, Lead Delivery Solution Manager at T-Systems SA