I participate in a twitter conversation every Thursday with HP and some other bloggers/analysts talking about a different concept or subject in the cloud space, it’s always interesting and re-enforces my bridging skills. Something remains important to me, you see I meet cloud analysts all the time, I speak with CIOs, Heads of IT, colleagues, analysts not to mention the MacLeod family network (Dad, Ewan and Fraser). Today in our twitter chat we were talking about information security and how that affected cloud, specifically the personal cloud.
Let me before we begin declare the following I like cloud, I’m a fan. I totally understand the concepts, the drivers behind it, how it can empower businesses, how it can create not only opportunities on a simple level for example disaster recovery services or compute on demand but for revenue and on-boarding new customers.
Cloud quite literally can be the vehicle to grow your business, to create opportunities where acquisition or start up costs or even experience would have been a barrier befpre. Now I can contact my service provider, my vendor or technical partner and say, is this something you can help me with via one of those flexible and accessible pay on use type models.
My older brother is going around advising companies on the way forward, on cloud, on agile IT, talking about Bring Your Own device, remote working, concepts like shock/horror wireless networking and cloud technology in the enterprise. He’s making it real, working out the business requirements and matching them to the latest, most cost and operationally efficient solutions. Ewan will often bounce ideas of the two of us, what would happen if I did this, what would the response be, or why don’t we do this and we’ll explain the background, the arguments just why we can’t have progress, after-all it’s not fully British.
Though at this point, at the back of my mind and sometimes when I hear cloud evangelists speak (even at times when Ewan is talking about how ridiculous something is), I can’t help but feel ever so little a bit defensive. Don’t get me wrong, everything they say is right, the comments about agility and lead times, the poor delivery for which there is no excuse, the performance and cost structures of those legacy IT departments are all valid points, but for just one second, appreciate that IT lives by the rules and funding applied to it. IT has for so long been seen not necessarily as a business partner with whom to engage but a cost liability, whilst at the same time, IT got a little too comfortable selling boxes, issuing governance statements and reports as well as helpful documents illustrating why it just doesn’t work like that, there is no Windows 2008 server build because nobody asked for one and would provide a cost center.
Your IT is your business, you get what you put in, there is an inherit cost of doing business whether it’s hosted internally or on a cloud environment. An issue so wonderfully illustrated by the recent RBS/NatWest computer failure where even my wife said don’t you press rollback or undo button?
What lies in the back of my mind when thinking cloud are two key concepts. To leverage cloud we need to understand our environment, our business, and we need to understand under what terms we are requesting and purchasing it, what level of ownership and control we want over it. When I say understand ‘the environment’, ‘the business case’, I mean understand the objectives, the data flows, the upstream/downstream feeds, the user community expectations on cost, on functionality and interest, the data requirements where it’s stored what the recovery requirements are, and fundamentally not because Gerald said so, but what the actual business drivers and requirements are end to end, from client through processing back out to market. This allows us to effectively place a value upon the service or functionality. This is for me where it gets interesting, because we often then discover some ‘home truths’, when we place a value on a system, an application, it often allows us to explore the value proposition, how much of our shareholders money are we spending to provide that service to our clients? Is it a loss leader or is it a service that we could integrate to an associated or linked service, or is it something that we could phase out and re-invest the costs into something more profitable without anyone really noticing? It empowers us to be making the right decisions not only with the technology but with our business applications. When I say value, it might be the availability benchmarks, the number of transactions, the cost per transaction, the profitability or ‘acceptable’ cost of purchasing that application or suite of applications.
So going back (as I digress) to my original #convcloud conversation on information security, how I saw information security in the cloud. My key points? Your information security strategy needed to be updated for Bring Your Own Device, just as you would update the infrastructure, the procedures and processes. That the information security strategy should be adapted for each range of end user communities to fit their regional, organizational and location based regulatory requirements, what works for one line of business or department might not for another. Bring Your Own Device means understanding not only the infrastructure, the data sharing, the feeds as well as the types of data but also the business requirements and rules of engagement, not to mention the end user device compatibility matrix and rules of interaction or internal procedures. The information security strategy has to encompass the end to end data and application transaction from my MacBook Pro with the Citrix client running on olden days port 1494 through to my XenApp servers publishing my organization approved applications and desktop, with the appropriate functionality for my role, my department and line of business.
Cloud computing brings us the opportunity to start deploying the right range of technologies based on the business needs and associated drivers, to align IT delivery with business requirements and in doing so transforming costs, increasing organizational and technological agility to empower revenue generation going forward.