Five Mistakes Companies Make in Their Cloud Strategies
Learn how to capture the full potential of the cloud.
Over the last few months I've been to several conferences and one of the common stories I'm hearing from CIOs is about employees who are using their credit cards to gain access to public cloud services from folks like Amazon and Google for business purposes. It is kind of freaking them out because these services are not certified for this use and IT is starting to look both redundant and expensive (the services are really cheap). HP just started a public cloud beta, which attempts to provide the ease-of-use advantages that these public cloud services do and is secure enough for most business needs.
Given the feedback I'm getting from these conferences, this is one hell of a good idea.
Let's look at what the requirement is and why it might be worth your time to participate in this free (one of my favorite words) beta.
We appear to be in a similar cycle to what first launched the PC. Line managers own a large discretionary budget (they mostly own the P&L these days) and are frustrated with IT either overcharging them, telling them "no," or not meeting their product or timing expectations when they need things done. They have access to a relatively inexpensive technology - PCs then and cloud services (tablets and smartphones) now - and are quietly moving to shift much of their work away from protected IT-supported services into the cheaper unknown of public cloud services.
The big indicator the CIOs have been reporting at events like CIO 100 is the proliferation of business credit card charges for Amazon and other cloud services being approved by line managers. Evidently, when most CIOs look into this, they are shocked by how many employees are not only in violation of intellectual property rules, but how often this non-compliance is actually supported by line management.
One of my favorite recent stories is of three engineers who were working for a pharmaceutical company and who needed to get a critical project done. When they went to IT, they were told the cost would be around $150,000 for the equipment and software needed to analyze their sample and the project would take between six and eight months to complete.
The engineers went online to a cloud service, spent $3,500, and got this project done in less than six weeks. They got an award for saving money and then, when security and IT found out about what they did, were fired for a violation of corporate IP policy the following day. It seems that no one could be sure where the highly confidential information associated with this new and potentially lucrative new drug had gone.
Understand that pharmaceutical companies are typically one of the most secure users of technology and, I'm told, this is hardly a unique instance and only came to light because the engineers put in for an award. Even there, I expect, the lesson wasn't don't do it, but don't brag about what you've done.
HP's Cloud: The Requirements
The requirements are simple: The service has to be as easy to use as the alternatives that aren't secure enough and can't be certified, but address those security shortcomings adequately. The extra protection provided can't cost more than line management - the folks paying the bills - feels is reasonable; otherwise, most still won't use it.
Price hasn't been disclosed yet, and often isn't during the beta, but ease of use looks to be close to what the other services provide short of the actual act of purchasing the service (which hasn't been turned on yet). The security aspects aren't a hard set of requirements for an enterprise-class vendor - they live the security requirements. The more difficult part is being able to handle individual transactions as easily as an Amazon or Google. But they could become an Amazon affiliate to meet that bar.
The point of this isn't to get you to buy HP's new service. In fact, the problem as it exists is that individuals who don't read IT blogs are going out and purchasing services now that we can all likely agree aren't in compliance with corporate security policy. My point is to encourage you to try out the beta and help make this a better product so that it sets an example and becomes the seed for a new class of IT-ready cloud services that provide the low cost that your customers want with the security your executives expect you to enforce.
If the cloud is our future, it is in our best interest for as many knowledgeable people as possible to get involved to make sure it is good enough.