We’ve lost control to business users before. But this time, the object that initiated our pain (the cloud) will also be the cure.
Over the last 35 years I’ve seen technologies come and go. For the foremost part, i’m able to drop them into certainly one of three buckets. (Maintaining a tally of greater than three is difficult at my age.)
The first bucket is technologies that move the industry forward — Ethernet on twisted pair other than coax, mini computers rather than mainframes, routers as opposed to bridges, tablets other than laptops.
Second are technologies which are the equivalent of pet rocks — a good number of fanfare, big flash, didn’t last within the real world. I actually have some in mind, but within the interest of not starting a flame war, I’ll just ask you to share your favorites within the comments.
The third, and smallest, bucket holds tech that disrupts the best way we do business. Users won’t wait to adopt these technologies through normal IT channels. They find how you can bypass controls within the name of economic growth. Who hasn’t examine the problem of going through BYOD? Stopping using mobile devices for work is ready as likely as cleansing the web of that embarrassing YouTube video. Another poster child for rogue it’s SaaS applications that let users to transport faster than the normal IT model.
Their justification: “It’s only a tool, and it’ll help me meet or beat my business goals.”
If history repeats itself, and I’ll give odds that it’ll, sooner or later the price and risk of using disruptive tech without IT involvement will exceed the quick-term benefit. I’ll also give odds that after it’s called in to wash up out-of-sync data, provide appropriate security, and assure there’s a backup and recovery system, it’ll be cloud technology and services for you to help us get things under control. It’s actually a predictable cycle. Let’s take a look at the 3 steps that rogue it’ll battle through in its latest iteration around cloud apps.
Speed vs. control: Speed wins.
When a business unit gets its hands on a brand new technology it could use to accelerate operations, that tech will spread like water finding the trail of least resistance. Finally, it’s unhindered by policies, purchasing red tape, and security and compliance concerns. When faced with the tradeoff between anticipating normal policies and controls to be installed place (the brakes) or the business moving fast to compete more effectively (the gas), speed wins.
Speed vs. risk: Balancing act commences.
At heart, risk is “impact x likelihood.” i will say from experience that usually even low-likelihood situations (like not sending flowers on my anniversary) can create very high risk. Here’s the analysis CIOs must do to ascertain when the danger to the corporate exceeds the worth to the business or department. Ignoring compliance, to illustrate, may reap benefits for a business unit — until an audit finding embarrasses the CEO in front of the board. Quantifying risk could be just as difficult as getting the technology under control, but it surely moves the discussion from being about technology to 1 about business.
Speed vs. pain: Ultimately, pain wins.
All things created equal, when the pain to the business of managing a rogue technology exceeds the worth it provides, something gives. Frequently, that “give” is an effort to transfer the pain to somebody else… adore it. It is not an issue of if this would happen with cloud, only when. The business has no interest (or expertise typically) in managing security, compliance, SLAs, or technology administration. i do not know many sales departments which can assess the safety problems with that cool new mobile app they’re using, or marketing departments which can manage a PCI audit in their cloud vendor.
While all this could fall on internal IT, now we have the choice to take advantage of new cloud technologies to shift one of the vital pain to outside services. Your first step need to be to analyze what the providers that business units have contracted with can do for you. They need to maintain that business, and that they get that working with it’s how that occurs.
As for business departments going rogue with IT projects, in the beginning, heed the old adage — if you cannot beat them, join them. Do not get mad, get in front of the curve by providing guidelines that the business can use to assess a hosting vendor or software company within the areas of security, compliance, and support. Be a partner, not an adversary.
If IT resources allow, offer to send someone to refer to through the selection process in order that it’s involved without being an impediment.
Finally, document the hazards linked to any rogue projects that you just get wind of, and share that information. You could not stop a department from doing something stupid, but you have to make business managers understand and accept the hazards they’re taking. Just remember that, because the CIO, you’re still at the hook for the outcomes — as i discovered out when the florist didn’t deliver those flowers.
You can keep only three security products. Which of them stay? Let us know in InformationWeek’s 2014 Strategic Security Survey and enter to win a 64 GB iPad or a one-on-one consultation with the report author, Michael A. Davis.
Dave Fowler is currently vp of promoting for INetU. Fowler is a veteran of the software industry, with greater than 35 years of industry and senior management experience in marketing, product management and development, business development, and sales. His most … View Full Bio
More Insights