However, is this CIO really as in control of the situation as he thinks? If his experience is in line with what I have heard from CIOs at similar enterprises, then he may well be blindsided. For example, many businesses find that while their centralized governance processes are effective at improving security, there may also be some unintended consequences. While the CIO directs his team to implement policies to monitor the flow of information between internal users, customers, and partners, there may be some people in the company who are undermining his efforts. Tighter control at the corporate level may lead to longer approval processes for IT resources. And departments that need to complete a project quickly have never been very patient. As a result, developers and business unit analysts are leveraging cloud delivery models for quick and cost-effective access to computing resources, even if it means bypassing CIO-instituted governance policies. Right now, the usage of cloud computing is small and is not impacting security or the expense structure in any significant way. However, I expect that as his company becomes more involved in cloud computing, this CIO will need to pay more attention to controlling the costs of cloud services and the management of cloud security.
Controlling costs. Cloud computing is fundamentally about the economics of delivering IT resources in a cost-efficient, elastic, and secure manner. But the price per CPU for compute power or the price to bring the first five users onto a SaaS application is only one element of the overall economic equation. It can be so inexpensive to access public cloud resources to meet short-term requirements that it is easy for users to enter a corporate credit card number and move ahead with the project. But over time, small projects can grow larger or take longer to complete than expected. For example, a software development team has a tight deadline to evaluate the performance of a new application prior to an upcoming sales promotion. One of the developers uses a corporate credit card to get the extra compute power needed for this short-term test and spends a lot less money and gets faster results than by requesting additional resources from his company’s data center. Job completed. Deadline met. Cost low. However, what happens when the application requires additional testing under various scenarios and goes into production? The initial payment to Amazon may have gone unnoticed, but when the development team’s use of cloud resources expands significantly, the CFO and the CEO suddenly start to ask a lot of questions.
Security. CIOs identify security concerns as one of the top reasons why they are cautious about cloud computing. In addition to checking out the security policies of the cloud vendors under their control, CIOs worry that you may be accessing cloud-based services without their approval. One big area of concern is the increasing use of social networking applications accessed on mobile devices and used with little or no distinction between business and personal usage. For example, you may use LinkedIn to get help from a business contact to close a deal and Twitter and Facebook to connect with friends and clients. For many people, there are few boundaries between business and personal conversations conducted in the cloud, and this has some CIOs worried about security and compliance issues.
The bottom line. Unfortunately, these issues and concerns are not going away any time soon. In fact, I expect that the level of oversight will only increase. The CIO will be called to task if various departments begin relying on cloud services for various mission-critical projects without any oversight. This is only the tip of the iceberg. And I suspect this is going to be a big iceberg.