Cloud Infrastructure Managed Services & Outsourcing Wireless & IoT Does your enterprise even need a formal cloud policy? Don Sheppard @DonSheppard Published: February 10th, 2015With all the buzz on cloud migration, IT industry experts have insisted that enterprises need a corporate cloud computing policy, but is it really necessary for cloud success? Is an explicit cloud policy essential, nice to have, or optional?By cloud policy, I mean an enterprise-wide cloud governance statement of direction, not just a tactical IT directive or a departmental purchasing rule. Enterprise policies typically cover business critical topics such as:Product – what business do you want to be in (and not in)?Personnel – rules for human resources, ethical behaviour and fairnessLegal – commitment to meet regulatory, compliance and government relations requirementsFinances – practices for accounting, use of capital and delegation of authorityTraditional IT is typically not the subject of explicit business policies. Why does cloud computing warrant being elevated to a higher level? The table below compares “legacy” IT to cloud-based IT, and illustrates some of the major differences.Traditional ITCloud-based ITBusiness impactAutomates systems of record; asset-based; technology-driven; business process focusAutomates systems of engagement and possibly record; service-driven; shared assets; customer transaction focusCustomerSupports internal HQ and branch access; includes basic Web presenceAlso supports social networks and self-service transactions; supports interactive Web and mobile e-commerceControlOwned, managed and controlled by the internal IT departmentManaged by the IT department with distributed external ownership, control and operationAgility and speedSlow, evolutionary change; customized apps; proprietary technologiesAgile development; rapid deployment; standard services; open technologiesGeographic reachPrimarily in-house and local (e.g., bank branches, physical stores, offices)Global reach through the Web, social networks and mobile devicesIntegrationVertical (all components are in-house) with some external horizontal linksHybrid internal/external solutions with distributed products and shared operationsPersonnelCentralized technical staff with specialized planning, development and operations expertiseOutsourced operational staff; packaged off-the-shelf services; expanded relationship management functionsLegal complianceCompliance requirements managed internallyInternal and external compliance and auditing requiredFinancialMixed capital and operating costs; high salary expenses; long term investmentsPrimarily operating expenses; reduced salary expenses; resources on a pay-for-use basisInnovationMajority of investment is to improve the status quo; innovation can be slow and costlySignificantly increased agility; much lower cost for service trials; lower overhead for development and testing; new innovations are results-driven The chart above implies that a transformation to cloud-based IT could indeed be business strategic with a requirement for overarching policies (as opposed to project-by-project business cases). Related Articles Peering into the 2015 crystal ball – the clouds will reign For example, strategic business outcomes of the cloud transformation could include:Globalizing the business using systems of engagementChanging the corporate mindset from treating IT as an expensive, scarce resource to it being more like electricity – plentiful, readily accessible, with use-based pricingChanging the IT funding model from capitalized discrete solutions to instant-access, “pay-as-you-go,” shared servicesChanging business product development from relying on customized, “bespoke” automation to the adoption of standard services (i.e., renting a service that performs a standard business function instead of buying a server that processes custom-built applications)Fostering product innovation by facilitating rapid prototyping, minimizing custom development, eliminating start-up overheads, and optimizing integration and re-use of assetsIf cloud computing proves to be the most appropriate solution for multiple business issues (as might be demonstrated by the emergence of “shadow IT”), then a corporate policy that gives preference to (or even mandates) the cloud transformation would make sense.The emergence of government cloud-related policies in the USA, the UK, Australia, Hong Kong, the European Union and China are examples of how this is being implemented in the public sector.A Cloud First Policy could include such topics as:Conditions for acceptable use of cloud resources and cloud-resident informationScope of applicability – endorsement for certain classes of applicationGovernance requirements and processesHarmonization across divisions and productsRisk positioning – security/privacy/complianceLegal and auditing best practicesAvoidance of shadow IT, cloud sprawl and service duplicationProcurement – adaptation of methods for selecting and contracting with cloud service providersCloud management best practices including reporting, access control and authoritiesDoes your organization have a Cloud Business Policy? Are you planning to create one? If no, why not?Would you recommend this article?00 Thanks for taking the time to let us know what you think of this article! We'd love to hear your opinion about this or any other story you read in our publication. Click this link to send me a note →Jim Love, Chief Content Officer, IT World Canada Cloud, Infrastructure, Managed Services & Outsourcing, Wireless & IoT cloud adoption, cloud first, cloud policy, IT transformation