This is the first of two articles dealing with the impact of cloud computing on the governance of the IT function. What follows is a description of the less formal internal IT governance mechanisms found in many organizations. The second article is directed at the more formal corporate IT governance steering committees and associated practices.
In theory, the realization of IT governance should be a seamless process running from the board room to actual delivery of IT services. In practice however, many organizations have an institutionalized steering committee with its associated processes that supports the organization’s IT related goals while the IT group has a leadership team or council whose governance activities are focused inward on such things as technical issues, standards, and resource management.
All IT organizations must navigate an ever changing sea of user priorities, vendor offerings, business needs, regulatory requirements and changing technologies while at the same time, delivering the systems and applications required to support the operations of the business. Those IT organizations that have the ability to manage increasingly complex environments are the one’s that are better suited to leverage new technologies, such as cloud computing. As company’s determine how to best use cloud technology those organizations with mature IT governance functions and clear IT architectural strategies will be better suited to take advantage of cloud computing and to integrate its capabilities into their existing technology infrastructures.
What is IT Governance?
IT governance involves putting defined processes around how IT resources are directed and how organizations align IT efforts with business strategy. Any IT governance framework should answer some key questions, such as how the IT department is functioning overall, what key metrics management needs to manage IT efforts, and what return the organizations IT investments are providing. Every company needs a defined process to ensure that the IT function supports the organization’s overall strategies and that IT activities are directly linked to corporate objectives.
Impact of Cloud Computing
Any potentially disruptive technology, such as cloud computing, can have a significant impact on how IT designs, creates, and delivers applications and systems to the enterprise. This impact can be either positive or negative depending on how receptive the IT organization is to change and its ability to formulate plans to leverage new technologies and incorporate them into its project portfolio.
In order for an IT department to be ready to take full advantage of what cloud computing, or any new technology can offer, it needs to have in place the following internal focused processes and capabilities.
Understanding the Costs to Deliver Services: The IT group needs to have a thorough understanding of the services it provides and the associated costs to deliver those services both for internal and external needs. An example of this would be for the IT department to recast its budget into a catalog of services and associated costs. This service catalog could include items such as the cost to provision and deliver a new server or to set up a new database instance. Without an understanding of the IT groups own “cost of goods,” there is no rational way to determine if a cloud approach for a particular project is more economical than using only internal resources.
Defined Application & Platform Standards: The IT group needs to have in place a clear set of application and platform standards that define the system environments it will provide and support, as well as sufficient checks built into the system life cycle to ensure that new projects follow these standards. This allows the IT group to reduce the complexity of the overall IT ecosystem and is a critical requirement to creating a rational cost structure. If the existing applications and systems are a hodge-podge of different platforms, operating systems, databases and vendors it will be very difficult to fully define the costs to deliver IT services. This also impedes the ability of the IT organization to create a coherent strategy for incorporating new technologies, such as cloud, into the existing IT environment while reducing the impact on existing operations.
Progressive IT Leadership: Efficiently integrating any new technology requires strong and forward looking leadership that is willing to seek out and evaluate new potentially valuable technologies. Strong IT leadership will help to drive the creation of a cohesive strategy for adopting cloud and to ensure that all areas within the IT group are on board with the direction the organization is taking.
Effective Internal IT Communications: Clear and consistent communications within the IT group is an integral function for any IT organization especially in regards to adopting a new technology such as cloud. The various groups within IT (operations, support, applications and administration) need to have consistent and clear communications with each other. This communication should include at a minimum the strategy for cloud usage, technical issues that might arise, existing or planned projects where cloud might be leveraged, and the long-term strategic planning directions for the IT group.
Comprehensive Risk Management Practices: Incorporating any new technology into an existing technology base carries inherent risk that must be effectively managed and dealt with. The IT group needs to have in place the risk management practices required to ensure that risks to existing operations and to project success are identified and mitigated. The IT group needs to look at risks on a different level than the overall enterprise. It must also include factors such as technology direction, the strength of the vendor, impact on existing systems, data security, access control, backup/recovery, and any potential disruptions to the operations of the business if there were a service interruption.
To properly take advantage of what cloud computing can provide, IT organizations need to take a hard look at their internal governance processes and adapt them as necessary. Those organizations that do not have the structure and disciplines in place to effectively leverage new technologies will always be behind the curve in delivering value and at a competitive disadvantage. Cloud computing not only raises the bar on how strategy and governance intersect it also requires centralized control to ensure that a coherent strategy is followed and risks are minimized.
The next article in this series examines the impact of cloud on more formalized IT governance functions using the COBIT model as a reference point.
About the Author
Bruce Maches is a 32-year IT veteran and has worked or consulted with firms such as IBM, Pfizer, Eli Lilly, SAIC, and Abbott. He can be reached at [email protected].