CloudU Notebooks is a weekly blog series that explores topics from the CloudU certificate program in bite sized chunks, written by me, Ben Kepes, curator of CloudU. How-tos, interviews with industry giants and the occasional opinion piece are what you can expect to find. If that’s your cup of tea, you can subscribe here.
One of the recurring discussions around cloud adoption has been the tensions between IT and the business. It’s a polarizing conversation. On one side is IT saying that it has to retain control to ensure security and compliance and that with unfettered access to technology staff would introduce lots of dangerous avenues for security breaches into the organization. On the other side you have the business itself which has long been frustrated by the fact that seemingly every request to IT is either stonewalled or slowed significantly. Getting servers deployed takes weeks because of interminable processes. Software evaluations may take a few days from the business end but then get bogged down in weeks of security and compliance checks by IT.
The cloud is changing all this as, for the first time, business people have the ability to utilize software, spin up (virtual) servers or utilize a development environment all with a simple swipe of a credit card, and outside of the purview of IT. I’ve always said that both the best and the worst things about cloud are that it enables the business unit to access technology without IT intervention – it’s awesome from the agility perspective but sometimes not so much for security.
This was the topic of a recent Twitter exchange I had after posting a link to an Appsecute blog about the future role of IT. During the exchange I was pointed to the Engineering IT Supply Manifesto which suggests that “the current global IT standard of performance in hardware/software supply falls far short of what it should be. It is an active and ongoing destruction of company value and improving it is something that requires only a change in mindset.”
In the post the author, Yishan Wong, suggests that current IT sourcing uses the following methodology to assess requests:
- If you need a new computer or major component (e.g. monitor), you need to give at least three to five working days notice.
- If you need a piece of software or hardware, you must choose from a catalog provided by the vendor with whom your IT department has a bulk supply relationship.
- If your request for a piece of hardware or software is not in this catalog, it is denied or at best requires special approval from high levels of management to acquire it.
Wong compares this to the procurement situation for the average startup that looks pretty much like this:
- If someone needs a new computer or monitor, someone drives to the store and gets it.
- If someone needs hardware or software that’s not at the local store, they find out where it’s sold online and buy it or download it.
- If something someone needs is not in the catalog or store you’ve been ordering from, they look in another catalog and get it.
The difference between the enterprise IT approach and that of the startup is like night and day – IT is fundamentally not meeting the needs of the business and hence Wong suggests a new response protocol for IT:
- Every request for a commodity piece of equipment (hardware or software) under a reasonable price range ($5,000 or, for industries like CAD/3D where common tools are pricey, higher) is automatically approved.
- Every single request should be filled within one business day (24 hours excluding weekends).
- Bulk ordering should be used to build up inventory in anticipation of commonly-requested items so that any common request can be filled in the time it takes for an IT person to walk to the shelf and bring the piece of equipment to the person who requested it.
Now, of course, I’ve simplified things here – not all enterprise IT departments are so slow to react, and not all startup IT expenditure is good, safe or prudent. That said, all indications I get from my enterprise friends is that this does indeed reflect the current status quo. As such it’s hard to ignore the fact that IT has the biggest part to play in all of this and is in fact encouraging its users, albeit in a roundabout way, to adopt shadow IT.
Corporate IT needs to find a new way to approach this problem – and fast!