This continues the discussion of the interview of Tim Crawford by Andrew Dailey of MGI Research at the recent Teladata Technology Convergence Conference. As before, I have summarized what was discussed and injected my comments and thoughts triggered by their Q&A.
It was simple in the enterprise world. There was a main business organization with a handful of supporting departments like HR, accounting, legal, and facilities management. There was no doubt that the business organization was king. It ruled the enterprise without question. Then computers came to the enterprise. At the beginning, computers were subordinate, simply supporting business. As computer technologies advanced, it became necessary to form an independent organization called IT. Even so, IT was subordinate to business. Business dictated and IT followed.
It is hard to say when, but at some point IT got so powerful that business could not tell it what to do. Or more accurately, business was still boss, but IT became less responsive to business needs, and not just to requests; IT did not and could not respond to the changes taking place around it. IT was supposed to support and accelerate business goals, but it became a barrier to business. It became so bad that people said IT was the place where big, important projects went to die, according to Tim. For some time, business was frustrated with IT but did not have the means to bypass it. Then came the era of cloud computing and commercialization of IT. Business secretly formed a shadow IT department, like a shadow cabinet in the UK, and started to bypass IT whenever possible. Who can blame non-IT folks who need IT services yesterday? If it is going to be months before IT can satisfy my needs when I need it now, I will bring in my own gear or outsource the services. The big difference now is that we can do it if we want. It was not possible to do so only a few years ago. Tim said some CIOs now realize this and are working to face this straight, but many CIOs still think the old and traditional way of running IT departments is appropriate.
There is no real department for shadow IT. In a way, any business or non-IT staff who needs IT services can virtually form a shadow IT group and outsource their needs to cloud and mobile computing. If there were really one physical shadow IT department, it would be easier for the real or traditional IT department to confront it and take back control. But this shadow IT group is like guerrilla warfare. There is no particular place the group shows up. It appears where there is a real need for IT services, gets them quickly, and then may disappear. As far as I know, Tim is the first person in IT to admit that the blame is on IT for bringing this situation on itself.
This may not be a good analogy, but at the same conference Pascal Finette of Mozilla gave a keynote speech on open innovation. His theme was that opening the barrier could accomplish even greater results. Maybe it is a stretch, but I am saying that the IT department should be more OPEN to what their internal customers want and work with them for the entire company. Tim said that CIOs in this new era should take a very hard look at their core capabilities, review their portfolio of services, and decide what should be retained and what should be outsourced. This is a hard thing to do because it may mean downsizing the IT department. The CIO and the IT group need to have heart-to-heart discussions among themselves and with their internal customers.
It is easy to propose this at a high level, but how do you actually implement it? When it comes to cloud computing, the number of popular services like Salesforce.com and AWS is low, and it may be easy to evaluate the usefulness of each. But if IT approves a “bring your own device” (BYOD) policy, the sheer number of variations could be a problem. I would like to ask Tim about this. Maybe he has already addressed this in his blog.
Tim advocates that IT take the initiative to evaluate current services and gear before its internal customers come asking for support and approval. It would be great if, when a customer asks for services or new technologies, IT is ready to embrace the request and seamlessly integrate it into the current portfolio of services. That is a new value to IT and will definitely increase their importance in the company. There is going to be new pressure on IT. IT needs to study the market trends and new services and technologies daily and constantly. This alone would produce a ton of work. So this makes it even more important to review what they currently have and remove services of low priority from their portfolios. If some services can be easily outsourced without losing important elements, such as security, they should be.
For example, if IT studied Salesforce.com well in advance of a customer request to incorporate its services for business, it could accommodate the request with strong support. Moreover, because IT is probably the only department that interacts with most, if not all, departments in the company, it can facilitate communication between departments. For example, if IT understands how marketing and sales operate, it could avoid sending conflicting messages to the same customer from marketing and sales, which is very embarrassing, according to Tim.
What if IT provides virtualization? Would it be enough to prevent internal customers from resorting to outside clouds? Virtualization and cloud are two different things. I caught Tim after the interview to get more details on this, but that is a story for later. For now, let’s say virtualization is not cloud, and cloud is more than that. Tim said that the three pillars of cloud computing are economic value, flexibility, and responsiveness. In most discussions, economy is considered the key value for cloud computing, but Tim said it might not be the most important factor. Sometimes cloud computing may cost you more, but you may want to adopt it for its flexibility and responsiveness. To sell cloud computing to your CFO and CEO, you should be able to make each point by giving a concrete example and the savings associated with it. For example, scaling from 50 to 1,500 servers over days and weeks could only be accomplished via cloud computing; no traditional methods accommodate change on such a scale. Moreover, you should be able to convert this to $ to explain it to the CFO and CEO.
Is virtualization a necessary process before adopting a cloud service? Tim said that the adoption of virtualization is probably in the 30% to 40% range, less than the 50%-plus estimated by IDC. If you have not virtualized your data center yet, you need to take a holistic view rather than simply considering virtualization. Looking solely at technology (virtualization) is not right. After all, virtualization maximizes server utilization, but other things—like maximization of the organization’s resources and processes—are also very important. So, according to Tim, it is OK to bypass virtualization and adopt cloud services by paying attention to the whole picture.
What about organizations that have already invested in hardware? It is easy to talk about startups, which have very little IT gear, but larger companies, even small to midsize companies, may have a hard time moving to a new paradigm. Tim’s answer was clear: whether it’s hardware or software, everything will be replaced at some point. The lifespan of server hardware is about four to five years, and software applications must be upgraded or replaced at some point. That is the time to take a hard look at what to do from several points of view: economy, technology, process change, and the whole organization.
Finally, security is the number one inhibitor mentioned in many research results. The perception is that only larger companies need to consider both security and regulatory conformance and that small startups can adopt cloud computing readily. Tim said both considerations are required in any business of any size. So that kind of argument does not have merit. Also, he said, in many instances cloud providers’ data centers and security measures for other elements are better than those of companies of many sizes and kinds. In any event, if you worry about data security, you need to weigh convenience and ease of use with security risks. Having data at your own data center does not make it more secure than the data hosted somewhere in clouds.
There is a lot of talk about cloud computing, but sometimes people duck the hard questions. I will catch Tim in the future to discuss some of mine:
- How do you transition from virtualization to cloud computing?
- What are public, private, hybrid, and federated clouds?
- Is there such a thing as private cloud?
- Hybrid clouds? What about interoperability of VMs between private and public clouds?
- What new requirements, such as ID management, do federated clouds bring?
- What are green clouds? Can you quantify the greenness of clouds?
So stay tuned!