EU

Cloud strategy: Four steps to win back control from shadow IT

The increase in inhouse departments going their own way and buying on-demand software - shadow IT - makes it all the more important for tech to impose some order.

Most organisations are already using cloud technology, even though many don't realise it - but it's not too late for IT to retrofit a strategy that reasserts control and strengthens the CIO's hand.

About 90 per cent of companies are using cloud but only half of them are aware of it, a recent IDC European survey found.

That creep of shadow IT - where departments unilaterally buy their own cloud services - gives CIOs an opportunity to impose some order and move more towards a broker role, according to Mette Ahorlu, European services research director at the analyst firm.

"This is one of the areas where shadow IT is a really bad thing because the more fragmentation you get, the less control you have and the larger the risks," Ahorlu said.

She told a London audience at the recent Data Centre World conference that cloud offers genuine efficiency improvements and cost savings. "Not the 70 percent we occasionally hear about but in the first few years more than half [of the firms in the survey] said they saved 10 to 20 percent," she said.

Yet most organisations are using cloud without a proper strategy, even though 70 percent claim to have one. "I don't think there's much more to that strategy than a general direction. You need more than a general direction," Ahorlu said.

Because inhouse departments are already buying their own cloud services, IT needs to take a consumption view. "Look at it not just as, 'This is our area. This is how we deal with it'. It should be more like, 'What is it that you actually need?'" she said.

So IT needs to put in place a real cloud plan, which Ahorlu suggests should consist of four steps:

Cloud step 1: Assess your IT

Ahorlu argues the process must begin with an assessment of the business's technology. "Go through all your applications. Should you replace it, should you migrate it, should you keep it?" she said.

The assessment needs to examine the suitability of each app for each solution and any possible restrictions. "If you have just invested in a big datacentre and have loads of space, then you probably want to put new things there. If you're running out of space, you might be more tempted by a hosted solution," Ahorlu said.

"Business requirements are of course very key to this: security, compliance, performance availability."

You also need to look at traffic patterns. "Your ERP system will probably not have the largest swings and you can more or less predict when they will be, so that might fit better in a private cloud where you have security but not huge scalability" she said.

Ahorlu stressed the importance of considering the dependencies between hardware and software. "Not everything is good for the loose coupling. It might not be possible to [move it to the cloud]. It might not be beneficial to do it. If you have a lot of transactions - a database, for instance - it might not be a good idea to do it," she said.

You also need to ask whether your facilities are the up to the task. "Is your network good enough?" she said. "All this analysis will lead you to a business case."

Ahorlu emphasised the usefulness of outside help in this task because IT services companies have developed tools for this type of analysis.

Cloud step 2: Design your cloud

According to Ahorlu, this step is about creating a sensible architecture. "It's not just buying into ready-made solutions. A lot of people like buying into ready-made solutions in either a public cloud or using a converged infrastructure where's it's all packed together in appliances," she said.

"But you still need to think about the orchestration, the service provisioning, how you manage performance, how you optimise the whole thing. This is partly about getting the right software, but it's very much about how you set it all up so it works."

Cloud step 3: Implementation

She said this stage consists of the real practical work and advised against taking home-made approach. "Don't do this yourself. You're wasting your time. This is not where the intelligence lies," Ahorlu said.

"If you go to a provider, they have all the tools, they can do it quickly, they can do it more efficiently than you can and you'll mitigate your risk because they've done it a ton of times before and it will be faster and you'll get a better design," she added.

Cloud step 4: Management

Ahorlu described this step as the IT director's challenge. CIOs have to keep track of everything in a potentially complex new environment. It might consist of critical inhouse legacy applications, which stay in the traditional environment because they were developed 20 years ago and the business depends on them.

There might also be some on-premise cloud. SAP systems may have already moved to a hosted cloud, along with an Oracle database but a logistics app might be with a different hosted provider but still in a private environment. Less critical apps could be running in an Amazon environment. On top of that there might be Office 365, Gmail and Salesforce.com.

"It's not typical today but it will be tomorrow and a lot of people will have a lot more complex environments than this," she said.

If CIOs thought they had control before, they might feel they have now lost it, Ahorlu said. "Each of [the systems] is much simpler than before so in that sense cloud contributes to simplification but take it all together, it's not very simple," she said.

"A lot of these applications will interface as well. So you have created a very complex environment with a lot of moving parts. You need to have it under control, you need to manage it. You need to manage the IT but especially you need to manage your data."

About

Toby Wolpe is a senior reporter at TechRepublic in London. He started in technology journalism when the Apple II was state of the art.

3 comments
HypnoToad72
HypnoToad72

Re: Takeaway: The increase in inhouse departments going their own way and buying on-demand software - shadow IT - makes it all the more important for tech to impose some order. "Tech"? As in "technology", "technicians", "IT department", "the smurf village", "management", "the village people", or what? News forums seem to use the same word for multiple definitions and trying to train the populace to be allergic to multi-syllable words is going to backfire at some point...

HypnoToad72
HypnoToad72

The moment you rely on someone else is the moment you've lost it. It's that simple, and that often cannot be said. "Shadow IT", or whatever cute marketing term will be applied next week by the consortium that everyone is supposed to listen to and follow... but the consortium that says everyone has to do what it says will never take responsibility for when something goes wrong... it's just that. Obfuscation. Not a mature approach, that is...

chuck.patten
chuck.patten

"The increase in inhouse departments going their own way and buying on-demand software - shadow IT - makes it all the more important for tech to impose some order." This sort of thinking, that the rouge users can be corralled ignores the historic and contemporary root cause of shadow IT. IT managers thinking that they, and not the users, should dictate and control the tools that the business runs upon, especially when IT management thinks that it should have the ultimate authority to impose order. Companies forget at their peril that, "Those that make peacful revolution impossible, make violent revolution inevitable". In these cases the IT department gets scrapped or outsourced as part of "business economy" because they can no longer gain or keep the support of the departments that they serve who should nad would demand otherwise. If that 'shadow IT" does exist, it may already be too late for the CIO and the IT team.