Public cloud services can be purchased inexpensively, spun up quickly, and utilized with ease. As a result, they’re being widely and swiftly adopted by enterprise organizations. But it’s not always the IT department that’s acquiring or paying for such services. These days, business groups are increasingly taking IT matters into their own hands.
“Our large customers are using 730 cloud services on average,” says Bob Dimicco, senior director and general manager of the Cisco Cloud Consumption Services practice. “But their IT organizations typically have no visibility—or even awareness—of 15-20 percent of those services.”
According to Dimicco, this lack of visibility can have serious consequences:
- Putting business applications in the public cloud often places sensitive intellectual property, employee, and customer data beyond a company’s firewall.
- Not all cloud providers are able to comply with industry regulations or regional data sovereignty laws.
- Many won’t survive the torrent of competition or the inevitable market consolidation.
“Data security and compliance are very real concerns,” says Dimicco. “The bigger concern is that there typically is no individual or group within a company overseeing the adoption of public cloud services. A lack of visibility, governance, and control invariably leads to business risks and high costs.”
IT processes and red tape
According to Melanie Posey, research vice president at IDC, public cloud services aren’t the problem, and neither are the business groups adopting them. Conventional IT processes and red tape are the culprits. With countless IT departments still taking months to select, procure, configure, deploy, and integrate technology resources, it’s no wonder business teams purchase their own cloud services—a task that only requires a credit card and can be accomplished in minutes.
“Many IT groups are living in the 1970s, with a big mainframe that nobody can touch,” says Posey. “They need to figure out how to evolve, and find ways to serve their business teams better, faster, and cheaper. And they need to break out of the mindset that they have to do everything themselves.”
Both Posey and Dimicco agree that IT departments must form a new relationship with their business counterparts. They must establish new lines of communication, so IT leaders can better address the priorities and initiatives of business teams and business teams can better understand the potential risks and costs of ungoverned cloud adoption.
“This isn’t a power struggle between IT and the business, who share a lot of common ground. There just needs to be more communication and collaboration,” says Posey. “IT can no longer stay locked in their data center; they must get out and talk to business groups. And they must create processes that allow business teams to do their own thing, but with some overarching governance.”
Coming to the table with facts
Software tools and professional services that shed light on cloud usage can help stimulate and advance these discussions, Dimicco says. Cisco Cloud Consumption Services, for example, help discover and analyze public cloud usage. And they provide a baseline for IT and business teams to discuss and optimize cloud utilization, risks, and costs.
“One of our customers recently found that they were using 41 different cloud-based collaboration services, half of which were redundant,” Dimicco recalls. “That insight prompted dialogue between IT and the business, which led to standardization, service aggregation, and significantly reduced costs.”
“The first step is acknowledgement, and it always helps to come to the table armed with facts,” says Posey. “The second step is agreeing on a solution. Figuring out how to facilitate a more centralized approach to cloud procurement and governance is in everyone’s best interest.”
According to Dimicco, IT organizations should assume that their company is using more and spending more on cloud services than they realize. And they can assume it will grow quickly over time, as much as 20-25 percent or more each year.
“If you have a problem now, it will be worse in 12 months,” Dimicco claims. “Organizations need to be proactive before data is lost, before risk becomes a real problem, and before costs get out of hand.”