Does your enterprise even need a formal cloud policy?

With all the buzz on cloud migration, IT industry experts have insisted that enterprises need a corporate cloud computing policy, but is it really necessary for cloud success? Is an explicit cloud policy essential, nice to have, or optional?

By cloud policy, I mean an enterprise-wide cloud governance statement of direction, not just a tactical IT directive or a departmental purchasing rule. Enterprise policies typically cover business critical topics such as:

Product – what business do you want to be in (and not in)?
Personnel – rules for human resources, ethical behaviour and fairness
Legal – commitment to meet regulatory, compliance and government relations requirements
Finances – practices for accounting, use of capital and delegation of authority

Traditional IT is typically not the subject of explicit business policies. Why does cloud computing warrant being elevated to a higher level? The table below compares “legacy” IT to cloud-based IT, and illustrates some of the major differences.

	Traditional IT	Cloud-based IT
Business impact	Automates systems of record; asset-based; technology-driven; business process focus	Automates systems of engagement and possibly record; service-driven; shared assets; customer transaction focus
Customer	Supports internal HQ and branch access; includes basic Web presence	Also supports social networks and self-service transactions; supports interactive Web and mobile e-commerce
Control	Owned, managed and controlled by the internal IT department	Managed by the IT department with distributed external ownership, control and operation
Agility and speed	Slow, evolutionary change; customized apps; proprietary technologies	Agile development; rapid deployment; standard services; open technologies
Geographic reach	Primarily in-house and local (e.g., bank branches, physical stores, offices)	Global reach through the Web, social networks and mobile devices
Integration	Vertical (all components are in-house) with some external horizontal links	Hybrid internal/external solutions with distributed products and shared operations
Personnel	Centralized technical staff with specialized planning, development and operations expertise	Outsourced operational staff; packaged off-the-shelf services; expanded relationship management functions
Legal compliance	Compliance requirements managed internally	Internal and external compliance and auditing required
Financial	Mixed capital and operating costs; high salary expenses; long term investments	Primarily operating expenses; reduced salary expenses; resources on a pay-for-use basis
Innovation	Majority of investment is to improve the status quo; innovation can be slow and costly	Significantly increased agility; much lower cost for service trials; lower overhead for development and testing; new innovations are results-driven

The chart above implies that a transformation to cloud-based IT could indeed be business strategic with a requirement for overarching policies (as opposed to project-by-project business cases).

Related Articles

Peering into the 2015 crystal ball – the clouds will reign

For example, strategic business outcomes of the cloud transformation could include:

Globalizing the business using systems of engagement
Changing the corporate mindset from treating IT as an expensive, scarce resource to it being more like electricity – plentiful, readily accessible, with use-based pricing
Changing the IT funding model from capitalized discrete solutions to instant-access, “pay-as-you-go,” shared services
Changing business product development from relying on customized, “bespoke” automation to the adoption of standard services (i.e., renting a service that performs a standard business function instead of buying a server that processes custom-built applications)
Fostering product innovation by facilitating rapid prototyping, minimizing custom development, eliminating start-up overheads, and optimizing integration and re-use of assets

If cloud computing proves to be the most appropriate solution for multiple business issues (as might be demonstrated by the emergence of “shadow IT”), then a corporate policy that gives preference to (or even mandates) the cloud transformation would make sense.

The emergence of government cloud-related policies in the USA, the UK, Australia, Hong Kong, the European Union and China are examples of how this is being implemented in the public sector.

A Cloud First Policy could include such topics as:

Conditions for acceptable use of cloud resources and cloud-resident information
Scope of applicability – endorsement for certain classes of application
Governance requirements and processes
Harmonization across divisions and products
Risk positioning – security/privacy/compliance
Legal and auditing best practices
Avoidance of shadow IT, cloud sprawl and service duplication
Procurement – adaptation of methods for selecting and contracting with cloud service providers
Cloud management best practices including reporting, access control and authorities

Does your organization have a Cloud Business Policy? Are you planning to create one? If no, why not?

Would you recommend this article?

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication. Click this link to send me a note →

Jim Love, Chief Content Officer, IT World Canada