Cloud Guidelines: Its Just Good Policy

Cloud Guidelines: Its Just Good Policy






Total Views
Views on SlideShare
Embed Views



0 Embeds 0

No embeds



Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

Cloud Guidelines: Its Just Good Policy Cloud Guidelines: Its Just Good Policy Document Transcript

  • Cloud Guidelines: It’s Just Good Policy Focus Research ©2012 All Rights Reserved
  • Cloud Guidelines: It’s Just Good PolicyBefore The Cloud, IT spending and IT policy were tightly controlled. Now end-users can whip out acredit card and acquire IT services on the fly. First there was server sprawl. Then VM sprawl. Do we needpolicies to prevent cloud sprawl? Lori Janjigian, VP of client marketing at Focus, got to the heart of thematter when she asked: “Is there a need for a cloud policy? What should it cover? How broad should itbe in terms of what (purchasing, consumption, security) and who (IT, employees, supply-chain partners,vendors)? Who should own it, and how should it be developed (top-down, bottom-up, crowdsourced)?How often should it be reviewed?”It’s no surprise that the experts who responded were emphatically pro-policy. But their road maps forreigning in cloud sprawl took some intriguing turns.Anders Trolle-Schultz, managing partner at SaaS-it Consult, insists that IT must hold the keys to thekingdom where policy is concerned. As he sees it, the entire organization shouldn’t get to vote cloudpolicies up or down; rules and regulations should instead “be born from within the IT department, as partof the overall IT strategy for the company. Just because cloud services are much easier to consume andpay for by the employees, doesn’t necessarily imply that they should be able to do so.”Barry Schaeffer, principal consultant at Content Life Cycle Consulting, suggests that policy should be“grounded on what The Cloud actually is: a series of remote service bureau vendors and services, allcompeting and all approaching their services from slightly different perspectives.” No company shouldtake on The Cloud without a comprehensive policy, Schaeffer says, that details “how to choose andmonitor a vendor; how to protect the assets turned over to the vendor; and what to do if things go south.To do otherwise would be like cranking the Titanic up to 22 knots on a moonless night, without binocularsin the crow’s nest.”BrainWave Consulting’s Andrew S. Baker agrees that IT should set cloud policy, but he believes it’s anopportunity for IT to play the hero rather than the scold—provided IT keeps policies as uncomplicatedas possible. “The maturity level of the organization should be one key consideration for how detailed orcomplex the policies should be,” Baker says, “but in general, simpler is better.” Baker adds that cloudpolicy should “cover things like how the organization intends to use the cloud, and what the basic rulesof solution procurement will be.” He thinks the time has come for both large and small organizationsto understand “that IT is not just about tasks performed or technology purchased, but about people,processes, and tools that need to be managed. Corporate governance, of which IT governance should bea key part, is something that every organization needs. … Rather than the cloud representing a negativeCloud Guidelines: It’s Just Good Policy Focus Research ©2012 2
  • for IT departments and staff, it could prove to be a major catalyst in cementing their role at the table ofcorporate governance and stewardship.”SummaLogic’s Robert Keahey admits that cloud computing is “technologically disruptive in many ways(e.g., BYOD),” but he maintains that “with agility and flexibility comes some unexpected and unwantedside effects.” Developing a cloud policy “doesn’t need to be all-encompassing and agonizingly detailed,”Keahey says, lest it risk becoming “burdensome to the point that organizations will spend moreenergy and money trying to circumvent it than they do leveraging it for the good of the company.” Herecommends that various departments craft cloud policy, including “legal, IT, the CIO, and CSO to name afew.” Most importantly, he says, “the policy team must include people (business unit reps) who will be thebeneficiaries of the company’s cloud computing strategy. Ownership and buy-in by the user community isessential.”Finally, Keahey sees setting cloud policy as a chance to educate: “A key aspect of the policy should beits educational value,” he says. “Cloud computing has many definitions—why not explain your company’sview of it to the employees? We spend a lot of time and money on training for new HR policies, producttraining, process training. Companies should do the same for this new service model that holds thepotential to dramatically change their capability to deliver goods and services and reshape their markets.”Has your business formalized its cloud computing policy? Who helped draft the guidelines? Or is yourcompany avoiding the issue altogether? Are you concerned about cloud sprawl creeping in through yourbusiness’s back door? Alec Wagner is a writer, editor, custom content specialist, and content marketing professional. A former managing editor of, he has trained his eye on the enterprise technology space for more than a dozen years. A longtime digital nomad, he divides his time between San Francisco and the South of France. He remembers to thank The Cloud daily for enabling his globetrotting ways. Mr. Wagner also enjoys lively debates about how warring tribes (be it business vs. IT, dev vs. ops, or sales vs. marketing) can find ways to work together better. He is of the opinion that the old chestnut, “There’s no ‘I’ in ‘team,’ ” is quite hackneyed, yet altogether true.Cloud Guidelines: It’s Just Good Policy Focus Research ©2012 3