By the end of 2016, businesses are projected to spend over $73 billion on cybersecurity, yet they’re no more secure for it. Why? We’ve been looking at the problem through the wrong lens; IT too often makes incremental changes instead of planning a forward-looking approach that takes into account both old and new technology and network architectures. This mindset comes from letting “business drive the bus.”
On the surface, this mindset might seem like a good thing. We’ve been talking for twenty years about how to let business outcomes drive technical decisions, not the other way around. But there are two major ways in which this can go wrong.
The first is letting legacy technologies drive current decision making. Even if an organization runs on hard-to-adapt legacy solutions, it’s dangerous to make decisions based on supporting that legacy environment. Such decisions have everything to do with replacing legacy point solutions without upsetting the architecture of which they are a part. Bad idea. It’s time to rebuild for flexibility in a constantly changing environment. The cloud and virtualization have ushered in new ways of integrating products and solutions with existing infrastructures, and companies need to keep that in mind even when making point decisions. There’s no question that the technology landscape today is much different than the one that IT has built and supported over the last 40 years. When IT allows legacy to drive the bus, business gets off and calls Uber.
This is the case with what is often referred to as “shadow IT,” in which groups bypass IT and adopt cloud applications on their own. In an environment where IT decisions more resemble ecommerce purchases, IT can quickly lose any role whatsoever in the transition to new architectures. Now, instead of leading, IT is out of the loop. While the ability to directly adopt technology is a good thing, IT should be guiding the business toward good decisions, while accepting some loss of control. Therein lies the challenge.
Clinging to legacy technology and concern over shadow IT are both problems augmented by a common culprit: fear of giving up control. A book could be written on the matter, but at a minimum CIOs need to help their teams embrace a new role in this infrastructure evolution. Complete control is not possible amid constant change. As a result, IT professionals will now have to paint the lines on the road instead of driving the bus. If done effectively, the process can chip away at the edges of any legacy platform — both strategically and for the needs at hand. Here’s how this process can be done effectively.
Shifting Gears
Cloud computing is not a technology shift; it is a business shift that has enabled organizations to work more efficiently, from the services offered, to the roles played by internal teams. The convergence of mobility, connectivity, easy application consumption and elastic computing resources has spurred business in powerful ways not possible before. From an IT perspective, this convergence has resulted in the loss of control points (like servers and user access) that has been central to IT since the earliest moments of technology in the workplace. But in exchange, an opportunity has arisen to help businesses grow through IT transformations that take advantage of all the opportunities the cloud presents. Capital One is an excellent example of a traditional finance company that is fully embracing the cloud and using it as a way to increase efficiency and accelerate innovation. They are integrating Amazon Alexa voice services with traditional banking services, and building and migrating new and legacy applications to the AWS platform.
Letting Go of the Wheel
The role of IT is no longer the upkeep of information technology but rather that of a navigator, helping the business get safely to its destination. This is especially important in a time of transition from older technology to new public cloud and “X-as-a-service” (XaaS) deployments, which have become the norm for any effective business.
For IT to be successful in this role, it must learn to trust cloud and service providers, and even take up some of the ways they operate. It’s not an “us vs. them” scenario, but a cooperative one and trust is key. The reputations of cloud and service providers rely on their ability to execute. In many cases, they’ve already assembled top teams, which is why government agencies, such as the National Security Agency (NSA), and companies, including Netflix, turn to vendors like Amazon Web Services when building their clouds — instead of going at it on their own.
Get in the Fast Lane
Many organizations approach the cloud as they would any major IT transition. They analyze it, try to understand it and learn as much as possible about cloud provisioning, management and security. Although it’s not a bad approach, traditional vetting and risk processes can slow down entire projects. Instead, IT needs to be okay learning along the way and using the assistance of cloud services vendors. This doesn’t mean going all-in without knowing the potential pitfall, but if you believe, as I do, that the shift is inevitable, the sooner you start the better you’ll be. This can be done in a low-risk fashion; non-mission–critical apps, for example, can be a good starting point for cloud conversion. Maybe your organization is not quite ready to let go of PeopleSoft (never mind that it was acquired more than a decade ago), but perhaps the company is ready to move to Jobvite to accelerate hiring. Ultimately, the ease of use and dividends in production, efficiency, and cost following the transition will speak for themselves, superseding the unconstructive risk aversion.
Moreover, organizations are saddled by concerns over their inability to detect the applications already in use, such as email services, file storage platforms, shadow IT, among others. With proper visibility, businesses can map out these services and new ones as they’re added to ensure risk is mitigated. Why stay in the dark when it’s possible to progressively assess the organization’s risk appetite?
Arriving on time
Finally, organizations need to remember that cloud transformation does not all have to be done at once; it should be done at the pace that is right for yours. Gone are the days of 18-month integration projects leading to major rollouts of static software. User-led adoption and proliferation are the new norm. Cloud services and applications can be merged into existing infrastructures by chipping away at the legacy stack over time. The process itself will require a lot of trust in those who understand the cloud — inside your company and among third-party vendors. As such, organizations will need to hire people who know how to leverage the cloud or those who have done it before, while ensuring that those people are mindful of business strategy.
The cloud transformation is already leaving many behind, and organizations seeking success in the modern business environment should not be among them. This shift opens up new opportunities and threats for businesses, and IT teams must help their organizations make progress instead of hindering it. All it takes is a little trust and a willingness to learn as the journey unfolds.
