I said, Hey! You! Get off of my cloud
Hey! You! Get off of my cloud
Hey! You! Get off of my cloud
Don’t hang around ’cause two’s a crowd on my cloud, baby
I am fairly certain that Mick and the boys were not singing about today’s clouds – computing clouds that is. I guess they could have been advocating private clouds, but I highly doubt it. However, if any of the Stones were current day CIOs, they might be singing “Hey, you! Should you be on THAT cloud?”
It seems these days that everybody in business has a cloud, is on a cloud or wants to be on a cloud. It feels like every tech article I read, every discussion I have with my technology partners, every request I get from my internal business partners includes the cloud word or one of the “X” as a service phrases – where “X” = software, platform, infrastructure. In fact I just read about a new company that has created a SaaS offering for farmers – not exactly an industry synomonous with leading edge technology.
Now don’t get me wrong, I love this cloud stuff. I have even gone on record as saying I would love to one day be the CIO of a company that has no data centers and owns no servers. But that day is not today – but its getting closer everyday.
There is still much to be sorted out with these clouds. While I meet with company after company that wants to talk about sellling me a cloud, not one of them wants to talk about how to manage them. How do you best evaluate the risks associated with cloud computing? How do you keep non-IT parts of the business from jumping on every cloud that drifts by them without fully thinking through all the ramifications of doing so? Without strong governance you have cloud chaos. In my part of the world, out of control clouds are called thunderstorms. While thunderstorms can bring much needed rain, they can also cause a large amount of upredictable damage.
To avoid the thunderstorms of cloud computing, companies must implement comprehensive cloud management procedures throughout the organization. The non-IT parts of the business need to include IT in the evaluation, selection and implementation of all cloud-based services. At the same time, IT cannot be the “department of NO” in an effort to keep everything within the four walls of the corporate data center. In addition, any ventures into the cloud need to involve those dreaded people in legal/contracts departments and whatever role(s) within the company responsible for risk management functions.
An easy place to start with cloud governance is to create and publish a simple “X as a Service” risk assessment form. The form asks 15-20 basic questions about the proposed cloud offering. The group within the company that is driving the effort completes the form and submits to the InfoSec or similar group within the company. The information about the proposed service is reviewed and where needed additional information can be requested. Where needed, the Infosec team can engage other functions – legal, privacy, finance, etc. – within the company to obtain specific feedback. It’s not an overly elaborate process, but it gets information about the use of cloud computing flowing through the organization and rasies awareness about potential risks associated with such services. Once risks are identified, efforts can be undertaken to address those risks and beging enjoying the benefits of the cloud.
Not all clouds are created equal – so make sure you choose wisely. If after looking at a cloud offering, there is a level of doubt about it, stop and ask yourself, “what would Mick do?”
Robert Not Bob 