Roger's Security Blog

As Chief Security Advisor of Microsoft EMEA - lets share interesting security information

Does the business really hate IT?

Does the business really hate IT?

  • Comments 1
  • Likes

Back at the times of outsourcing, there was real tension between IT and the business. Internal IT had the “comfortable” position of having a monopoly: The business used the internal IT and basically just had to pay the bill. Then times came, where the business was not satisfied anymore. That basically started with the time of the PC. IT was in kind of a losing position: If the decentralized IT worked, it was just what users expected, if it did not, users complained. Additionally, as IT was treated as an art rather than an engineering discipline (that’s the way it is still run in a lot of occasions), cost just grew, without a real need of rationalizing. IT is critical for all the businesses but the value is hard to measure (until you lose your mail server once for a day).

Then outsourcing came and everything was getting better – not really. A lot of companies outsourced a problem – they used the same people with the same attitude and outsourced everything to the outsourcing provider. But now they had a contract – and so did the outsourcer. There were (and still are) numerous meetings I have been in, where the customer and the outsourcer were fighting, whether applying a patch is part of the contract or not and whether patch management should be done more than every six months. Finally, the customer had to learn to become a customer as well and specify their needs.

Why do I write this? Because I see similar discussions today with the Cloud. Business is not satisfied with how internal IT delivers. They are too slow, too expensive and too unreliable – therefore the business is looking at the promises of the Cloud: Fast, reliable, inexpensive. What does it really mean for the business? For IT?

  • To me the business has to understand that if they move to the public cloud, there is a good chance that they have to adapt their business processes. Remember the huge ERP projects? It is not that different. This might be good as it forces the organization to clean up – but it shall be a conscious decision. Even for the part you are moving to the cloud, you still have to keep part of your responsibilities: You are still ultimately responsible for your compliance. You should keep your identity management in house and risk management for your business cannot be outsourced. You have to have a data classification, which is applied and lived – this is, how we described it in our Cloud Computing Security Considerations. Last but not least: You are the customer of a standardized service. Make sure you understand this as this will be a long-term partnership you are going for, with very, very limited flexibility of the final solution.
  • If you move to the private cloud, the situation is slightly different as you might have more influence on how your solution looks like but even the private cloud is not an outsourcing as you knew it – e.g. most probably you will not be able to tell the cloud provider how they will run their datacenters. You will run on your own OS-instances (does not necessarily mean your own hardware as the solution will most probably be virtualized) but even the question of the data location might have to be negotiated. And: It definitely costs more.
  • If you are an IT organization: Become a Cloud provider. Become the partner for your business in the Cloud. You business will want to have part of it in a private cloud – offer this in a way you can compete with third-parties as you will not be able to compete in the public cloud.

This decision has to be a strategic decision and not a decision taken because business does not like their own IT. For the internal IT it might be a threat (if you decide to sit and wait) or an opportunity if you take the strategic decision and opportunity.

Now, the reason for this post was actually in an article, which was sent to me: Why businesses move to the cloud: They hate IT

Roger

Comments
Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment