Cloud

CIOs worried by the cloud, as IT departments get left out in the cold

Cloud computing is being used to outflank the IT department, creating tension between CIOs and the rest of the business.

CIOs are worried: cloud computing is being used as a way for businesses to dodge the IT department and get services delivered more quickly. But as well as giving the CIO sleepless nights, this attempt to side-step the IT department is causing additional cost and complexity along the way.

I recently wrote about how cloud computing deployments are kicking off without the CIO's knowledge, and only coming to light when sys admins put their expenses through. Inside a large organisation this can mean uncontrolled spending on cloud computing that rapidly reaches tens or hundreds of thousands of dollars.

And according to research by Forrester Consulting, two thirds of CIOs now believe their business sees cloud computing as a way to circumvent IT.

"The simultaneous pull of cost reduction and simplification in one direction and better, cheaper, faster in the other is putting a strain on IT's ability to meet expectations. CIOs are concerned that cloud provides their business a way around IT, which undermines the strategic partnership they are trying to build with business leaders," said the report 'Delivering On High Cloud Expectations'.

According to the report, one in three CIOs strongly agreed with the statement, 'business executives perceive cloud as a means to be less dependent on IT,' while only one in five non-CIO respondents felt the same way.

"This contrast indicates CIOs are more concerned than their teams that public cloud challenges, and maybe even undermines, their organisation. We agree with their concern; unbridled public cloud acquisition by shadow IT circumvents carefully planned strategies to reduce complexity, control costs, and provide reliable services."

The survey also found that 'shadow IT' acquisition of cloud services is adding to confusion: 48 per cent of firms surveyed officially support deploying mission-critical applications to managed public cloud services, even though these services were being deployed by 80 per cent of organisations. "The 32 per cent difference suggests that many firms circumvent IT to get the services they want, confirming CIO worries."

Four out of five respondents said setting a cloud strategy is a high priority, but IT organsations are struggling with complexity: four out of ten respondents said they had five or more virtual server pools, and three or more hypervisor technologies, making reducing cost and complexity a priority. The survey, sponsored by BMC Software, polled 327 enterprise infrastructure executives and architects across the US, Europe and Asia-Pacific.

About

Steve Ranger is the UK editor of TechRepublic, and has been writing about the impact of technology on people, business and culture for more than a decade. Before joining TechRepublic he was the editor of silicon.com.

27 comments
waltersokyrko
waltersokyrko

Internal IT department should be the experts in cloud computing. If client finds a cloud provider that is cheaper and better then internal IT department is not doing the job that it is being paid to do. As an IT Architect, I always investigate cloud option to meet client requirements. In general, cloud option is superior for small number of users or fluctuating load or both. Once clients realize that internal IT department is more knowledgeable than they are and internal IT department will choose cloud when cost and functionality justify it, clients will stop trying to circumvent internal IT department.

HHH
HHH

Cloud computing????? Don't think so. Here's why. Cloud computing is a fancy name for hosted services which has been around for a long time. So someone came up with the idea to switch "hosted services" to "cloud computing" to push to the exec's. Sounds great, cost effective, 24/7 access. for any location, redundant systems, etc.. etc. etc. Please keep feeding me the BS. What sales people tell you and what is actual are almost 2 very different things, here is an example. Exec's decided to move our e-mail systems to the "cloud" hosted by one of the top internet providers. They gave them the whole sales pitch so the decision was made to switch over. Went fine for a few months then problems started arising. Loss of connections, address book not updating, calender sync issues, and so on and so on. So who did they call for help? Not the providers of the hosted services but us the internal it team. So what did we do? after hanging on the phone for 2 hours we placed a ticket with the company and 2 weeks later the issue was resolved. Well some of the issues, the rest are in limbo until we called again and again waiting for them to get back us (which in most cases they never did) and when they did it was because of our persistence. Now if the I/T team responded with type of support i would be looking for another job right now. But here is the kicker, turns out they didn't actually host the services themselves but contracted it out to another company and charged us a premium. And what a premium $50K a year. That enough to cover servers, failover systems, redundant links, licensing, backups well you get what i mean. Welcome to the REAL world. Execs took the blue pill we took the red. (or vise versa, whatever) PS. we did have a SLA agreement in place that was suppose to cover all this.

NicBellenberg
NicBellenberg

As I see it 'cloud' applications have been seeping into organisations for years. By delivering over the internet, and sold direct to business units as low cost, no fuss applications, they have managed to stay out of sight, under the waterline, making multiple isolated islands of inconsistent data. If a CIO has been unaware of these activities, finding out 'too late' is a shock. But in many cases, while internal systems could have provided 'control', the funds needed to develop your own systems did not exist. I have been in the position of being unable to supply technology due to lack of funding, so have got involved with the projects to deploy specific cloud apps. This is the only sensible alternative to a blanket ban -- get involved, help the projects progress, look after security and try to ensure that data can be imported and exported and fits corporate formats and strategies. The other reason that cloud apps frighten CIOs is facing up to the sheer effort involved in change management if a large scale corporate deployment was considered. Effort both in selling a project in and providing the detailed TLC needed to ensure it is accepted and used properly. You will need a really good reason to move an organisation from MS Exchange/Outlook/Office to Google Apps, and if the existing technology is reasonably fit for purpose this may seem impossible. But if the existing tech is failing, then cloud will be seized upon as progressive and an advance, despite differences and loss of detailed functionality. But who wants their existing tech to be failing? Most CIOs will work very hard to protect their organisations from this reality until it is too late. Look at the many case studies and consider how many organisations have moved to Google Apps, for instance, because they have had burning need for change brought on by deficient existing systems? Rather than just fancied something new? And in how many companies has this coincided with an existing CIO exiting an organisation (perhaps not by choice) with an interim or new broom then making the high profile changes to which there is 'no alternative'? Of course that worries CIOs. But really they -- we -- should be brave. Stop defending outmoded systems that need to be changed ??? support them professionally, but make sure that the need for change is well known and understood. Sell Cloud harder, make sure all levels of your companies understand why the world is changing, and build good business cases that include provision to make decent personal training/hand holding that will make implementing Cloud apps a success. Keeping on reheating the status quo, because it's easier and perceived as cheaper to 'just do an upgrade' to existing technology will not move on our organisations or careers.

draco vulgaris
draco vulgaris

The "Cloud" looks rather nebulous to me. Where, exactly, is it going to save my data? Who else will have access to it? Anyone with PHYSICAL ACCESS, in effect, has unlimited access. Can I trust other people "in the cloud"? These are just rhetorical questions, I'm retired and no longer personally involved.

john.long
john.long

Who???s running the mad house? If it???s true the CIO???s are being [feeling] circumvented by System Administrators or others then the CIO never had control and the corporation has very weak procedures for capital investments. There is clearly some fallacy with the survey. Government CIO???s shouldn???t fear because there is more than needed U.S.C that requires CIO approval for everything IT.

jreadams6
jreadams6

Another question would be why aren't IT departments leveraging Cloud where appropriate.

mike_d_allen
mike_d_allen

Compuware commissioned a European and US survey of 520 CIO's in September 2011 http://cpwr.it/H9t13x The results revealed a lack of transparency into the performance of cloud providers is reversing IT maturity across 64 percent of the surveyed enterprises. Specifically 67% of enterprise mobility projects forge ahead without IT's full involvement!

Steve Ranger
Steve Ranger

@gechurch: from the report "Eighty percent of respondents reported deploying mission-critical workloads to managed public cloud services today, while 58% reported the use of unmanaged services." Cloud adoption is high - even if the CIOs don't realise it!

gechurch
gechurch

You state "...these services were being deployed by 80 per cent of organisations". Given you were talking in the context of "mission-critical applications to managed public cloud services" that number seems staggering. I can only assume you changed context without stating it (ie. 80% of enterprises have already deployed services to the public cloud, but not neccessarily mission-critical ones). If this is the case I think it's worth editing the post as it is currently misleading. If it's not the case I would be very interested in seeing the statistics backing this up.

sanjoz
sanjoz

When we use cloud technology, we have no idea where in the world the intellectual property or sensitive private customer information will end up. To save costs, cloud service providers can locate their data centers anywhere in the world. If the cloud service provider's hosting service then chooses to sell/share/use that information, the company will have a tough time enforcing privacy/copyright laws outside of its jurisdiction. The company would also have a hard time trying to prove it has done all it can to ensure it is complying with customer privacy laws. In short, the cloud is not really ready for corporates yet, I believe CIO's and CTO's should be doing all they can to ensure policies and and security is in place to ensure the IT department is not bypassed. The IT department have the required skills judge if and when the cloud is right for corporate use.

zsoltekulcs
zsoltekulcs

Cloud companies are supposedly big and experienced, thus giving much more safety and better cost sharing than own in-house solutions...? I think, it is not always the case. Like you never know what your favorite cloud provider will do with prices, etc. in future. Ever thought what happens when you need to move on or pull your data off the cloud? Sometimes, with cloud apps it is not even possible, but currently not much care is taken, till is too late. CIO's mostly know this, and they have a reason to ask the annoying questions. Cloud computing still needs to mature and it will take the place which belongs to it.

Slartibartfast
Slartibartfast

Although I doubt this is as pervasive as this article suggests, if you are a CIO, and you haven't figured out how to use 'Cloud' technologies as a way to make IT deliver better, cheaper, faster services for internal clients then yup, this will happen. It's the PC revolution all over again, IT has to adapt and embrace, not deny and resist.

PensivePeter
PensivePeter

This disambiguation is important: there is a lot of muddle around the titles of CIO and CTO. Often times, when the term "CIO" is used, what is actually meant is the person responsible for the IT infrastructure - and managing that technology as a corporate asset - this I would call a CTO. A CIO, on the other hand, is responsible for managing the information and data of a company as a corporate asset, irrespective of the technology. Using these definitons helps: if a CIO under this definition is bypassed in considerations of moving to the cloud, then that shouldn't be such a major issue, as their role is essentially one of defining policies regarding the management and governance of information assets. A CTO however should not be bypassed - not only should they be included in considerations such as total cost of ownership - but the CTO also does the job around *implementing* corporate policies regarding information security, access control, privacy, etc. - and they should be instrumental in defining the criteria by which a company can judge whether cloud offerings comply with the policies that the CIO will have determined as necessary for the company's asset protection. As companies migrate to the cloud, the operational functions and responsibilities of a CTO will dimish - that's partly the point - but they should still retain the overall responsibility of governance of their XaaS assets: there will be a distinct shift in work load away from operations and towards governance. The CTO's role, on the other hand, should not change with the migration to the cloud - the responsibilities remain the same. In many companies, the two roles are munged together - and even if they are both performed by the same person or team, disambiguating the roles and responsibilities will help a great deal in assessing the RoI and cost/effectiveness of a move to the cloud

eric.schell
eric.schell

???The simultaneous pull of cost reduction and simplification in one direction and better, cheaper, faster in the other..." This just the sort of bafflegab that muddies the discussion. Straight-up obfuscation, that's what it is. "cost reduction" pulls one way, while its polar opposite "cheaper" pulls the other way? Excuse me? False dichotomy #2; one is "faster", while the other is "simpler". Bullshit.

chalicemedia
chalicemedia

Aside from cost concerns, a hard question an CIO needs to look at is... "If an employee with access to sensitive information is fired, can we kill his Cloud access as fast as we can can internal access?" Another, bigger risk, and a question I haven't seen anybody asking - might be "What's to stop an employee with corporate laptop or tablet from pushing sensitive information to his/her own private cloud account?"

doug
doug

Nothing about making it easy for people to move to the cloud.

macmanjim
macmanjim

The cloud changes everything. It's the ultimate outsource. A lot of frontline people will go away eventually as well as other jobs as they aren't needed anymore. It's great if you work for a cloud provider, but the old hierarchy will be gone.

info
info

Of course CIOs would think that. Most of these people come from the 'old days' of Big Iron, or at least when every company had a good-sized server room and employees still wrestled with command lines, or Windows 3.x. Hell, *I* think that! Even though my boss assures me otherwise, and that seems to sound out with those survey results. Sure, CIOs have reason to fear. Cloud IS coming. But like I told my boss, the only reason I stay away from it is cost. These providers are GREEDY. (Case in point, being charged ~$400 a month for hosted VoIP when I can buy a low-maintenance system for ~$2k, drop their service to ~$125 a month and get a 1 year ROI...) Once they figure out they're like insurance or prostitution (selling the same thing over and over) and drop prices to where people will see maximum value and the companies will turn a MODEST profit, THEN Cloud will take over. But as my Boss told me, and the directors/managers/board members at these other companies will probably do, they'll STILL go through the CIO for projects like this, just to get their take and experience on things. We just don't understand how little these people know about the IT realm, and how scary they find it, because we find it so easy...

mcquiggd
mcquiggd

More click bait created in 30 seconds by ''Tech Republic''.

nwallette
nwallette

No one outside of IT cares about technology. They care about costs. Datacenters and equipment are expensive. Think of all the capital required to build a robust network, all the money paid for support contracts and licenses, and how every 2-5 years, you're buying new switches and routers and servers. Then, compare that to a solid per-month fee. That monthly cost looks a lot lower than the expense of owning equipment. Anyone that has actually made an Ethernet cable knows there's a lot more going on than that, but to the CFO, CEO, presidents, etc... it's a cost center. IT costs the business significant money. Now, what can we do to make it less expensive? How about this cloud thing? Then we don't have to pay for servers anymore, right?

CharlieSpencer
CharlieSpencer

the word 'appropriate'. IT departments may be overly concerned with data security; end users may undervalue it.

gechurch
gechurch

Thanks for the reply Steve. I really am blown away by that figure.

j2will
j2will

There is much ambiguity concerning the responsibilities of the CIO and the CTO but that should not preclude one or the other from the planning and development of a technology that will radically change the way the company goes about doing its business. Both these positions are on the chief executive level and while the CTO will be more concerned about the technologies involved in the cloud, the CIO will be concerned about how the information will be handled, stored, and accessed. Leaving out either one will leave areas within the changeover that could cause some serious hold ups in the migration phase of the project. In my experience as a CTO, such major efforts need all the chief level executives involved in the changeover. In your example, the CIO is responsible for ???defining policies regarding the management and governance of information assets.??? Without the input from the CIO, the company could commit itself to a contract that does not meet all the management and governance issues the policies and procedures are set up to handle so everything meets the criteria of federal, state, and corporate mandates. The CIO is the expert in this area and the expert in the technologies is the CTO. Working side by side they would be much more certain of creating a much more viable situation. With the input from the CFO, they would have a financial basis of what they could work with.

gechurch
gechurch

I don't know that these are concerns are unique to the cloud. Perhaps your first example (firing someone) it would take longer if you had to disable both the local account, and accounts with the cloud provider. This shouldn't take long though. Your second concern is really nothing to do with the corporate cloud at all. If you take a company with only internal services the same question can be asked "What's to stop an employee with corporate laptop or tablet from pushing sensitive information to his/her own private cloud account?".

gechurch
gechurch

The point where costs of cloud computing drop significantly is the point where things get scariest. With no outside checks and balances what's to stop cut-rate cloud provides from cutting corners? "We've got awesome Cisco gear that's not likely to fail, why waste money with redundant gear?" "We're too busy to check on those backups, and what are the chances an end user will need one anyway? We'll check on them next month when we've got more time". "Experience sys admins are so expensive. I can get two 'computer geniuses' out of college and still have change left over". "Automatic updates are turned on for these servers. That should be enough security". "It's too expensive putting in a decent wireless network link. Let's just chuck an ADSL link on another phone line and that'll be our redundant link". "Proper background checks on staff are so expensive and time-consuming. That last interviewee seemed like a nice guy. I'm sure he's trustworthy." I could go on. When you outsource to the cloud you get little or no insight into what goes on behind the scenes. Any or all of the above could be happening and you'd have no idea about it... until something fails. Amazon's had massive outages despite their totally redundant servers/networks/data centers. If they can't get it right, what are the chances Bob's Discount Cloud Store will?

Steve Ranger
Steve Ranger

Equally, I asked for a show of hands at a conference I was chairing recently and only about 10 per cent admitted to using the cloud at all. So there's lots of conflicting info out there right now!

Editor's Picks