With all the buzz on cloud migration, IT industry experts have insisted that enterprises need a corporate cloud computing policy, but is it really necessary for cloud success?  Is an explicit cloud policy essential, nice to have, or optional?

By cloud policy, I mean an enterprise-wide cloud governance statement of direction, not just a tactical IT directive or a departmental purchasing rule.  Enterprise policies typically cover business critical topics such as:

  • Product – what business do you want to be in (and not in)?
  • Personnel – rules for human resources, ethical behaviour and fairness
  • Legal – commitment to meet regulatory, compliance and government relations requirements
  • Finances – practices for accounting, use of capital and delegation of authority

Traditional IT is typically not the subject of explicit business policies.  Why does cloud computing warrant being elevated to a higher level?  The table below compares “legacy” IT to cloud-based IT, and illustrates some of the major differences.

Traditional ITCloud-based IT
Business impactAutomates systems of record; asset-based; technology-driven; business process focusAutomates systems of engagement and possibly record; service-driven; shared assets; customer transaction focus
CustomerSupports internal HQ and branch access; includes basic Web presenceAlso supports social networks and self-service transactions; supports interactive Web and mobile e-commerce
ControlOwned, managed and controlled by the internal IT departmentManaged by the IT department with distributed external ownership, control and operation
Agility and speedSlow, evolutionary change; customized apps; proprietary technologiesAgile development; rapid deployment; standard services; open technologies
Geographic reachPrimarily in-house and local (e.g., bank branches, physical stores, offices)Global reach through the Web, social networks and mobile devices
IntegrationVertical (all components are in-house) with some external horizontal linksHybrid internal/external solutions with distributed products and shared operations
PersonnelCentralized technical staff with specialized planning, development and operations expertiseOutsourced operational staff; packaged off-the-shelf services; expanded relationship management functions
Legal complianceCompliance requirements managed internallyInternal and external compliance and auditing required
FinancialMixed capital and operating costs; high salary expenses; long term investmentsPrimarily operating expenses; reduced salary expenses; resources on a pay-for-use basis
InnovationMajority of investment is to improve the status quo; innovation can be slow and costlySignificantly increased agility; much lower cost for service trials; lower overhead for development and testing; new innovations are results-driven

 

The chart above implies that a transformation to cloud-based IT could indeed be business strategic with a requirement for overarching policies (as opposed to project-by-project business cases).

For example, strategic business outcomes of the cloud transformation could include:

  • Globalizing the business using systems of engagement
  • Changing the corporate mindset from treating IT as an expensive, scarce resource to it being more like electricity – plentiful, readily accessible, with use-based pricing
  • Changing the IT funding model from capitalized discrete solutions to instant-access, “pay-as-you-go,” shared services
  • Changing business product development from relying on customized, “bespoke” automation to the adoption of standard services (i.e., renting a service that performs a standard business function instead of buying a server that processes custom-built applications)
  • Fostering product innovation by facilitating rapid prototyping, minimizing custom development, eliminating start-up overheads, and optimizing integration and re-use of assets

If cloud computing proves to be the most appropriate solution for multiple business issues (as might be demonstrated by the emergence of “shadow IT”), then a corporate policy that gives preference to (or even mandates) the cloud transformation would make sense.

The emergence of government cloud-related policies in the USA, the UK, Australia, Hong Kong, the European Union and China are examples of how this is being implemented in the public sector.

A Cloud First Policy could include such topics as:

  • Conditions for acceptable use of cloud resources and cloud-resident information
  • Scope of applicability – endorsement for certain classes of application
  • Governance requirements and processes
  • Harmonization across divisions and products
  • Risk positioning – security/privacy/compliance
  • Legal and auditing best practices
  • Avoidance of shadow IT, cloud sprawl and service duplication
  • Procurement – adaptation of methods for selecting and contracting with cloud service providers
  • Cloud management best practices including reporting, access control and authorities

Does your organization have a Cloud Business Policy?  Are you planning to create one?  If no, why not?

Would you recommend this article?

0
0
Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication. Click this link to send me a note →

Jim Love, Chief Content Officer, IT World Canada