Thursday, September 13, 2012

You can't just say no

This post by James Staten is a bit of an ad for some detailed Forrester reports, but in nonetheless offers solid succinct advice about how most organizations should approach a cloud use policy.

It's too late for your policy to say, "The use of cloud services is not allowed," so you need to start from an assumption that it is already happening — and that more of it is happening behind your back than in front of your nose. In fact, any policy that takes a draconianly negative tone probably won't go over very well (it might just be blatantly ignored).

A better approach is to actually encourage its use — in the right way. Your cloud policy needs to present IT as an assistant to the business in the use of cloud and as an advocate for cloud. This will ensure that IT isn't seen as the internal police that you need to hide your business-driven cloud use from. Because your policy should help bring cloud use into the light where it can be monitored, managed, and made better.

As Red Hat's CIO Lee Congdon put it in a webinar I did with him back in March: "Moving to cloud? Your business may have already beaten you to it." with "websites, social media presence, customer service, and CRM." 

The situation is similar to (and, in many respects, related to) Bring-Your-Own-Device. When I write about BYOD, I invariably get comments to the effect that it's a passing fad waiting for a disaster to strike and for IT to subsequently clamp down. This reader's response is fairly typical of such an attitude: 

Eventually when many of the younger crowd starts to understand why they can't find work, they will realize that employers call the shots. The BOYD trend was started by a small group of people who thought their devices manufacturer (I'll give you 3 guesses who the manufacture was, and the first two don't count) is so superior to other devices that they refused to work on anything else. I would happily wish those people well finding employment elsewhere and call for the next interviewee.

As Staten correctly notes, in most environments trying to roll back the clock will merely drive usage underground and beyond the ken of IT governance and policy--to say nothing of cutting off IT and line of business users from the genuine benefits of public cloud services.

The reality of cloud usage (in its various forms) is one reason why many users with whom I speak are intensely interested in topics such as hybrid clouds and application/portability. They realize that cloud is happening and they don't want to stop it. But they do want to bring it under an integrated management and policy framework that empowers users while protecting the company.

And this is why at Red Hat, everything we're doing in cloud from Red Hat CloudForms, to OpenShift to OpenStack to our Certified Cloud Provider Program is built around the twin concepts of open and hybrid.

No comments: