Cloud Computing cannot be ignored. Even if you work in an organisation where security restrictions mean that it is unacceptable, then you need to take view and make a clear statement to the organisation.
The genie is out of the bottle. Cloud Computing is here to stay. As long as business users have a browser and an internet connection the problem exists.
Simple – ban internet access. No. That will drive the Stealth Cloud ever further underground. Business users will buy laptops with 3G cards and completely by-pass IT. Ridiculous you say, but I can think of two recent examples where this has happened. What a pointless waste of company time and money.
The response of the CIO and IT department is critical. Cloud Computing is like a crystal glass. Hold it too tight and you will crush it, but not tight enough and it fall and break. It is a fine balance.
So the solution to this problem comes from the most unlikely of places: the Italian kitchen and PASTA.
P : Policy. What is the corporate policy for Cloud Computing. Remember, that “It is banned” is not an acceptable answer. That will drive the Stealth Cloud further underground. What types of applications can be Cloud? Should you be providing a Cloud platform for users such as Force.com? The Policy needs to be pragmatic if it is going to be adhered to.
A: Amnesty. You need to find out what business users are doing. But they are unlikely to tell you if they believe that they will suffer either in terms of their career or being prevented using the application. The amnesty period needs to be less than a month to drive urgency and it needs to very clearly and widely communicated. For example, after the amnesty end date any use of Cloud Computing outside the Policy is a disciplinary offence.
S: Support. End users need to believe that if they are honest in the information they give during the Amnesty it will be used to help them and support them. Therefore IT needs to support them using the application – NO MATTER how FLAKY the you believe (or know) that the application is. This will be very hard and require a huge level of self control.
T: Technology Evaluation. This is a full evaluation, both technical and commercial, of the Cloud applications being used. This is probably a non-trivial activity, based on huge number of applications that are being used and the time taken to really find out about some of the smaller companies.
A: Adoption. Now you need to build your Cloud architecture for the company. This may consist of many of the applications currently being used but will also involve some users migrating from their chosen application to the corporate standard. And then you need to work hard to drive up the adoption of the chosen application. But that is nothing new.
As the CIO you need to sprint to get ahead of the ball through the Policy, Amnesty, Support phases. Only then are you in some level of control and can evaluate the true risk to the business of the Stealth Cloud. After that the Technology and Adoption phases can and will take some time.
Cloud Computing is here to stay. Business users are voting with their browsers to use Cloud applications. But they are often unaware of the risks that they are putting themselves and their companies under. PASTA is an acronym describing an approach to evaluate and control the risks of Cloud Computing in your corporation. So as CIO, if you can’t stand the heat, get out of the kitchen.