CIOs’ transition from CI-no to the key to business transformation
It has been about a decade since cloud computing emerged as the third platform — the next phase of the IT revolution beyond mainframe and client/server.
It has taken a while, but cloud services as a platform for enterprise computing are showing signs of maturity, especially where data security and regulatory compliance are concerned.
In the past, these two areas have caused a lot of restless nights for CIOs wondering where their enterprise data is and who is accessing it.
Many CIOs are reluctant to adopt cloud services, at least until they can feel confident that enterprise data isn’t at risk and that compliance requirements can be met.
But that hasn’t stopped individual employees and entire lines of business (LoBs) from choosing and using their own cloud services that will help them do their jobs. They have simply bypassed the IT organisation to take charge of their own productivity.
But now – at last – things are falling into place to help the CIOs eliminate the perception of being viewed as the “CI-no” and once again become the “chief information enabler” of their business.
Where cloud computing is concerned, there are two questions that every CIO has no doubt asked innumerable times: “Who is doing what in the cloud?” and “Is our data safe?”. Cloud vendors have heard these concerns loud and clear and have responded with enterprise-grade solutions.
Take data security, for example. “Encryption everywhere” is now the CIO’s mantra and various solutions from cloud service providers and third party vendors make this possible.
What’s more, innovative approaches to traditional encryption allow the functionality of an application to be preserved – to search for records or data strings, to sort on specified criteria, and so on – all while the data is still encrypted.
File-level security can follow the information wherever it goes — even onto users’ personally owned devices.
Encryption is now embedded into cloud applications such that end users aren’t even aware of it.
The encryption/decryption processes are hidden in the background and the user experience of the application is not disrupted. And importantly, key management is where it belongs: in the hands of the enterprise that owns the data.
As for visibility of who is doing what in the cloud, that issue has been solved as well. Today an IT organisation can establish a virtual “cloud edge” to enforce policies spanning authentication, identity management, access control, encryption, data loss prevention, audit trail, and more.
Just like it was in the mainframe and the client-server era, there are third-party solutions that provide detailed audit trail of all actions and alert security teams of anomalous activities, thus satisfying the need to know “who is doing what” for corporate governance and compliance.
Now that those majors concerns have been addressed, CIOs can turn their attention from managing servers and infrastructure to cloud enablement.
The indiscriminant use of cloud services has left many organisations with data scattered here and there, and numerous applications and services in use for the exact same functions.
For example, Skyhigh Network’s 2013 Cloud Adoption & Risk Report shows that the average company has 19 different cloud-based file sharing and collaboration tools in use.
It’s ironic that various working groups engage with cloud services in order to share information more easily, and the end result for the enterprise overall is that collaboration is hindered when people store their working files in different services, thus creating new silos.
Being the chief enabler for the enterprise means understanding not just which cloud services employees have purchased or signed up for, but which ones they actually use and get real value out of.
Then it’s the CIO’s responsibility to lead the evaluation of those services for risks and benefits, and standardise on and promote the ones that best meet the organisation’s needs. In this way, the CIO can maximise the value of the services and help drive an organised and productive movement to the cloud.
Ralph Loura, CIO of The Clorox Company – in his case, CIO stands for chief innovation officer” – enlists company employees to explore and experiment with new cloud services to see which ones can bring value to the enterprise.
Once the employees have made their recommendations, the IT team enables the rest of the employee population by taking those self-selected (as opposed to IT-provided) services and going “deep” by integrating them with their enterprise systems, such as via single sign-on.
IT also can negotiate corporate licenses for the selected services to reduce costs. Loura’s customer-focused way of thinking is one reason he was bestowed with Consumer Goods Technology’s inaugural CIO of the Year Award in 2013.
This type of approach takes the IT organisation from being considered an inhibitor to one of a true partner. Of course we wouldn’t expect that the IT team will blindly enable all cloud services employees choose because some services are not enterprise-ready or are otherwise high risk.
However by getting the pulse of employee need and gaining access to a wide repository of finely categorised cloud apps and deep insight into the enterprise-readiness of each app, IT and the CIO can assume a data-driven, consultative role with the employees and address the seemingly conflicting needs of enabling employee productivity while maintaining data security, compliance and governance.
Being a proactive CIO is not just about looking at what cloud services are already in use, but also what could be put to use to unleash innovation and creativity. For example, DirecTV’s CIO Mike Benson travels to Silicon Valley twice a year to meet with venture capital firms in order to learn about the technology companies in their portfolios.
In a single day he can review the offerings of ten or so startup companies that may have innovative approaches to the business needs that Benson’s company wants to address. This gets the company out of the rut of only looking at what traditional vendors have to offer.
Cloud-based services are advancing so rapidly that Benson feels it’s important to seek out and bring home new ideas and solutions that can add value to the business.
CIOs who are still saying “no” to the cloud are often basing their decision on old perceptions that data is insecure in the cloud and the use of applications and services is inherently risky.
Cloud computing has matured considerably over the past decade. It’s clearly time for CIOs to abandon the attitude of “no” and become enablers to help their companies reap the benefits of cloud computing.